A design flaw in Intel microprocessors has Linux and Microsoft Windows developers reworking their kernels to defend against exploitation of the security bug.
Details of the flaw have not yet been made public, and Intel and Microsoft have remained mum about the chip design flaw, which was first reported by The Register this week. The report said Microsoft is expected to issue updates for Windows in next week’s Patch Tuesday batch, while Linux developers have been openly working on fixes online. According to the report, the OS updates ultimately could slow performance of the systems, in some cases by five- to 30%. Newer Intel processors aren’t as susceptible to a performance impact, the report said.
Security experts around globe says without the details of the flaw out yet, it doesn’t make sense to theorize about its ramifications. “I think we shouldn’t speculate until the bug is disclosed,” Kaminsky says. “Clearly, the notable part of this is whatever it is can’t be addressed in microcode.”
The kernel is designed to separate “userland” from sensitive kernel areas “so that userland programs can’t take over from the kernel itself and subvert security, for example by launching malware, stealing data, snooping on network traffic and messing with the hardware,” wrote Sophos security analyst Paul Ducklin in a post today.
The security patch implements kernel page-table isolation (KPTI) to move the kernel into an entirely separate address space and keeps it protected and inaccessible from running programs and userspace, which requires an update at the operating system level.
“The purpose of the series is conceptually simple: to prevent a variety of attacks by unmapping as much of the Linux kernel from the process page table while the process is running in user space, greatly hindering attempts to identify kernel virtual address ranges from unprivileged userspace code,” writes Python Sweetness.
“With the page table splitting patches merged, it becomes necessary for the kernel to flush these caches every time the kernel begins executing, and every time user code resumes executing.”
The Linux patch that is being released for ALL x86 processors also includes AMD processors, which has also been considered insecure by the Linux mainline kernel, but AMD recommends specifically not to enable the patch for Linux.
Microsoft is likely to fix the issue for its Windows operating system in an upcoming Patch Tuesday, and Apple is also likely working on a patch to address the vulnerability.