Underside of CPU

A Potentially Massive Intel Processor Security Flaw – What We Know So Far

Jan 9, 2018

A security gap in countless Intel processors places what should be private user data at serious risk.

Intel Security Flaw

Kernel memory is the portion of a device’s memory that is dedicated to the most essential core components of that device’s operating system and their interaction with system hardware. It is, for the most part, a technical aspect of electronic devices that the average user pays very little mind to – if they’re even aware of its function at all.

These days, however… kernel memory has come up in many a conversation thanks to a massive security flaw that’s been uncovered in modern Intel processors. Just about every Intel processor manufactured in the last decade has this flaw baked-in to the Intel x86-64 hardware, making it an extraordinarily difficult problem to fix.

Essentially, this flaw makes it possible for malicious programs to read protected areas of a device’s kernel memory, exposing sensitive data such as passwords to hackers. It’s entirely possible that something as basic as JavaScript running on a webpage or cloud-hosted malware can use this flaw to gain access to the inner workings of these Intel processors. As the Register reported earlier this month, programmers are already scrambling to come up with a solution to this problem with an urgency that is making a lot of people very nervous as to just what the scope of this flaw really is.

A patch has been developed, but it’s not the good news users have been hoping for. Because the flaw is baked-in, correcting the issue requires severing kernel memory entirely from user processes. Using KPTI (Kernel Page Table Isolation) patches to move the kernel into a completely separate address space means taking things a step beyond an invisible process. It’s as if the kernel isn’t there at all. This protects kernel memory data and processes from the flaw, but also creates a ton of extra work for your system.

It’s estimated that users could experience anywhere from a 5 – 30% decrease in performance once this patch is in place, which is a massive slowdown. The need for the processor to now dump cached data and reload it from memory each time it switches from the original address to the invisible one drastically increases the kernel’s overhead.

A performance drop like that would be frustrating for any user, but for businesses that rely on enterprise-scale cloud computing or other massive hosted system solutions, this decrease will be substantially more noticeable. Hopefully, a better implementation of this patch in the future will lessen the impact on system performance, but for now, that remains to be seen.

This Problem Is Much Bigger Than First Thought

When this story first broke, it was understood that this flaw was unique to Intel processors, but in the days since that has changed. Recent reports on the analysis to date have found that this exploit isn’t just an Intel problem – it could be found in computers containing AMD, ARM, and Qualcomm processors as well. Apple’s 64-bit macOS is also impacted by this flaw and will require a major fix in order to correct the exploit.

Both Microsoft Azure and Amazon Web Services have notified users that major security updates will be coming very soon, and will likely result in the same massive system slowdown we mentioned previously. The need to keep secured data secure is the number one priority for these patches and updates, necessitating the sacrifice of performance in the short-term while experts continue to work on the problem.

What Kind Of Damage Can This Exploit Do?

This processor flaw opens users up to a number of risks. Hackers can leverage this flaw to more easily exploit other system or software flaws that exist on your device. That’s not a great outcome, but it’s the less damaging possibility. Because this flaw grants access to kernel memory, any logged-in users or programs can help themselves to sensitive data that would normally be difficult to get a hold of without a significant amount of effort.

Suddenly, mundane bits of malware that might be lurking on web pages become much more powerful – and more dangerous.

At this point, it looks like the effects of this processor exploit will be widespread, meaning every business needs to be aware of the risks this flaw presents and the steps being taken to minimize those risks. We highly recommend you get in touch with your IT support provider to make sure any patches or updates that have been released to deal with this exploit have been installed on your systems and to make sure that they’re staying on top of the situation. Your provider can help you manage any potential side effects cause by these patches, and help you to maintain the level of productivity and efficiency your business needs.

If you have questions about this processor flaw or would like to learn more about what you can do to lessen the impact this may have your business, contact us at any time.

About Trevor