
Massive Intel CPU Vulnerability Requires OS-Level Performance Sapping Patch

Early reports suggest a massive Intel chip-level security flaw leaves the kernel vulnerable in chips released in the last 10 years. A potential PTI workaround will come at a cost of heavy performance loss.


Are all Intel-powered PCs now vulnerable? A security flaw has been discovered that compromises every Intel processor launched over the last 10 years. That means the PC you have right now is likely vulnerable and a fix will not be easy. That's because the problem is at chip-level and will require an OS-level overwrite to the kernel.

The security flaw is so pervasive, it is unlikely a simple patch will solve it. Instead, the CPU-level fault would need a major overhaul of how page tables are mapped, and that will sap performance. It is worth pointing out that Intel has yet to officially discuss this problem and its severity is being speculated.

However, numerous sources say a major bug is baked into Intel x86 and x64 hardware. The company is so worried about the risk of this vulnerability that it has been placed under embargo. Reports suggest the problem revolves around how processors manage kernel execution.

Whenever a program needs to execute a command or perform any task, it is up to the kernel to take control. This is achieved by the processor passing the system control to the kernel. To make these processes smooth, the kernel burrows itself into the virtual memory address spaces of all processes, even when the processor takes back control.

The way this function works potentially leaves the system wide open. Kernels remain in virtual memory and could possibly be accessed by exploits found in modern web browsers. Malicious database programs or JavaScript could effectively corrupt a system.

There are conflicting reports about whether this affects the newest Intel CPUs, but it probably doesn't. That's because newer processors have been enabled with Process-Context Identifiers (PCID), which remove performance strains of the Kernel Page Table Isolation (PTI) workaround. PTI places the kernel in a dedicated address space, making it unavailable to running processes.

However, the PTI workaround could come at an expensive performance cost. It increases the performance overhead for executing a process significantly because the kernel is not already running and ready to go. Current tests on Linux show an 18% degradation in CPU execution speeds for IO-intensive tasks.
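As an added example (not part of the original article), the shell function below reports whether a Linux kernel has PTI switched on and whether the CPU advertises PCID, which is the combination that decides how much of the overhead described above a host should expect. The helper names `has_flag` and `pti_status` are hypothetical, the sample inputs are constructed, and it assumes a kernel that exposes the synthetic `pti` flag in `/proc/cpuinfo`.

```shell
#!/bin/sh
# Added example: report whether a Linux kernel has PTI active and whether the
# CPU advertises PCID, from /proc/cpuinfo-style text on stdin.
# has_flag and pti_status are hypothetical helper names.
# Assumption: the kernel exposes the synthetic "pti" flag when isolation is on.

# Constructed samples (not captured from real machines).
SAMPLE_PCID='processor : 0
flags     : fpu vme pcid sse4_2 invpcid pti'
SAMPLE_NO_PCID='processor : 0
flags     : fpu vme sse4_2 invpcid pti'
SAMPLE_PTI_OFF='processor : 0
flags     : fpu vme pcid sse4_2 invpcid'

# True if word $1 occurs in the space-separated list $2. Whole-word matching
# matters: a substring search for "pcid" would also match "invpcid".
has_flag() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

pti_status() {
    # First logical CPU's flags line, with the "flags : " prefix removed.
    flags=$(sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1)
    if [ -z "$flags" ]; then
        echo "unknown"              # no flags line in the input
        return 2
    fi
    if ! has_flag pti "$flags"; then
        echo "pti-off"              # kernel is not isolating its page tables
    elif has_flag pcid "$flags"; then
        echo "pti-on-with-pcid"     # isolation on, PCID available to cut the cost
    else
        echo "pti-on-no-pcid"       # isolation on, expect the larger overhead
    fi
}

# Live check on a Linux host:  pti_status < /proc/cpuinfo
```

A `pti-off` result only says the kernel is not isolating its page tables; it does not distinguish an unpatched kernel from one where the workaround is disabled or not needed.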

This seems to be a no-win situation, especially for services that rely on heavy computing at fast performance. Cloud providers will be impacted, but companies are being forced into patching to avoid the vulnerability.

Microsoft has already scheduled an Azure maintenance and reboot on January 10. While there has been no official confirmation, the company is expected to patch the Intel flaw then. Amazon has issued a warning email that suggests a major security update is coming on Friday.

Intel is still embargoing the full details around this flaw. We guess the company still does not have a definitive fix and is keeping the details secret until it does. The chipmaker says more information will come at the end of this month.

New Processor Vulnerability

While Intel's newest chips are possibly exempt from the latest security flaw, the company announced last November its latest CPUs are vulnerable. The company discovered a vulnerability in the firmware of its Management Engine, Server Platform Services, and Trusted Execution Engine. In a security advisory, the company says an array of its processor ranges and products are left vulnerable.

Among the major Intel products affected are 6th, 7th, and 8th generation Intel Core processors. The company's Xeon processors, Atom processors, Apollo Lake, and Celeron processors are also included.

In its advisory, Intel says the firmware versions of 11.0, 11.5, 11.7, 11.10, and 11.20 are compromised. Server Platform Engine firmware version 4.0, and Trusted Execution Engine version 3.0 are also impacted.

Intel later issued a patch to fix the vulnerability.

Luke Jones