Intel processors made in the last decade may have major security flaw

3 Jan 2018

Intel logo. Image: Dragan Jovanovic/Shutterstock

A design flaw has forced programmers to respond quickly.

In what was described by The Register as a “fundamental design flaw”, Windows and Linux kernels must be redesigned to fix a security bug in Intel processors at chip level.

Linux programmers are currently working on a fix (but comments on the source code for said fix have been redacted) while Microsoft expects to publicly roll out the changes to the Windows OS during the course of a Patch Tuesday (when the company releases its regular security patches).

Full details on the design flaw and security vulnerability are not yet known as they are currently under embargo. The flaw is said to affect all modern computers with Intel chips from the last 10 years.

Kernel memory

It looks as though the bug allows normal user programs to view some of the contents of the processor’s kernel memory, which should ostensibly be well protected.

The kernel memory can include private information from passwords to login credentials, and, considering the speed at which developers are working to create fixes, it is likely to be quite a serious flaw.

As The Register detailed: “The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk and so on.

“Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive, kernel-protected data.”

As well as Linux and Windows, Macs may also be affected, but there is little information in the public sphere as of yet about the specifics of an update from Apple at time of writing.

Patch could slow machines down

The patch involves segregating kernel memory completely from user processes, and this could result in a performance drop of between five and 30pc “depending on the task and processor model”. It is possible that further patches could reduce the chances of machine slowdown.

According to TechRadar, it is likely that enterprise-level systems will be hit hardest but, due to the lack of information, it is difficult to tell what the repercussions will be for individual consumers.

Amazon Web Services and Microsoft’s Azure Cloud platform will be undergoing maintenance in the next number of days, and sources speculate that this is to mitigate the risk posed by the flaw.

Machines with AMD processors are not affected.

Intel logo. Image: Dragan Jovanovic/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com