A security flaw in Intel processors has led to a redesign of the Linux and Windows kernels. Programmers have been busy for the past two months patching the Linux kernel’s virtual memory system to protect against a bug in Intel CPUs that could let attackers exploit security weaknesses and access security keys, passwords, and files cached from a disk. The Register reports that updates are required for both Windows and Linux systems, and that a machine’s performance will be affected.
Reports suggest that information about the specific bug has been kept confidential between software and hardware vendors, and the patches for the Linux kernel include comments that have been redacted to prevent attackers from discovering the precise weakness. The security bug could be present on Intel processors manufactured over the past 10 years, meaning many systems will require updates.
The exact bug is related to the way that regular apps and programs can discover the contents of protected kernel memory areas. Kernels in operating systems have complete control over the entire system, and connect applications to the processor, memory, and other hardware inside a computer. There appears to be a flaw in Intel’s processors that lets attackers bypass kernel access protections so that regular apps can read the contents of kernel memory. To protect against this, Linux programmers have been separating the kernel’s memory from user processes in what’s being called “Kernel Page Table Isolation.”
The problem with this isolation is that some programmers are reporting performance hits after systems are patched. The Register reports that the slowdowns could be between 5 and 30 percent depending on the exact Intel processor. While Linux patches have been rolling out over the past month, a Windows 10 patch is not yet available. Some are speculating that Microsoft will deliver this in an upcoming Patch Tuesday, as the company started separating the NT kernel memory with Windows 10 beta builds in November. We’ve reached out to Microsoft to learn when this security fix will be in place, and we’ll update you accordingly.
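For an administrator, the practical question after these patches land is whether the isolation described above is actually active on a given Linux host. The script below is an added example, not code from the original article or from the Linux kernel project; it assumes that a patched kernel advertises a `pti` entry in the `flags` line of `/proc/cpuinfo` once Kernel Page Table Isolation is enabled, and that the `vendor_id` line identifies the CPU maker (so an AMD host, which the article says does not need the isolation, reports it as disabled). The sample cpuinfo fragments are constructed for the demonstration, not captured from real machines.

```shell
#!/bin/sh
# Added example, not from the original article or the Linux kernel project.
# Reports whether Kernel Page Table Isolation (KPTI) is active on a Linux host.
# Assumption: a kernel carrying the isolation patches lists "pti" among the
# CPU flags in /proc/cpuinfo when KPTI is enabled.

# Read cpuinfo-formatted text on stdin; print "enabled" if the first
# "flags" line contains the pti flag, otherwise "disabled".
kpti_state_from_cpuinfo() {
    if awk '/^flags[[:space:]]*:/ { print; exit }' | grep -qw 'pti'; then
        echo enabled
    else
        echo disabled
    fi
}

# Read cpuinfo-formatted text on stdin; print the vendor_id value
# (for example GenuineIntel or AuthenticAMD), or "unknown" if absent.
cpu_vendor_from_cpuinfo() {
    vendor=$(awk -F: '/^vendor_id/ { sub(/^[[:space:]]+/, "", $2); print $2; exit }')
    if [ -n "$vendor" ]; then echo "$vendor"; else echo unknown; fi
}

# One-line summary for a cpuinfo text stored at the given file path.
kpti_summary() {
    file=$1
    printf 'vendor=%s kpti=%s\n' \
        "$(cpu_vendor_from_cpuinfo < "$file")" \
        "$(kpti_state_from_cpuinfo < "$file")"
}

# Helper: summarise a cpuinfo text held in a shell variable.
summary_of_text() {
    tmp=$(mktemp) || return 1
    printf '%s' "$1" > "$tmp"
    kpti_summary "$tmp"
    rm -f "$tmp"
}

# Constructed sample cpuinfo fragments (not captured from real machines).
SAMPLE_INTEL_PTI='processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse tsc msr pae mce cx8 apic sep pti
'
SAMPLE_INTEL_NOPTI='processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse tsc msr pae mce cx8 apic sep
'
SAMPLE_AMD='processor : 0
vendor_id : AuthenticAMD
flags : fpu vme de pse tsc msr pae mce cx8 apic sep
'

echo "sample intel, patched:   $(summary_of_text "$SAMPLE_INTEL_PTI")"
echo "sample intel, unpatched: $(summary_of_text "$SAMPLE_INTEL_NOPTI")"
echo "sample amd:              $(summary_of_text "$SAMPLE_AMD")"

# Check the host itself when /proc/cpuinfo is readable (Linux only).
if [ -r /proc/cpuinfo ]; then
    echo "this host:               $(kpti_summary /proc/cpuinfo)"
fi
```

The functions read from stdin or a file path rather than hard-coding `/proc/cpuinfo`, so the same check can be run against cpuinfo dumps collected from a fleet. A host whose kernel predates the isolation patches will report `kpti=disabled` regardless of vendor, which is the case an administrator wants to catch.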
It’s still unclear how these patches will affect regular Windows and Linux machines. One researcher speculates that virtual machines and cloud providers will be most affected by the security problem and resulting performance hits. Microsoft’s Azure cloud will experience maintenance next week, and Amazon Web Services has warned that a big security update is coming on Friday.
AMD has confirmed that its own processors are not affected by this security bug. “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against,” explains Tom Lendacky, an AMD engineer. AMD stocks have soared this morning as a result of Intel’s processor flaw. Intel has not yet publicly commented on the security problem.