The security flaw is so pervasive, it is unlikely a simple patch will solve it. Instead, the CPU-level fault would need a major overhaul of how operating systems map page tables and will sap performance. It is worth pointing out that Intel has yet to officially discuss this problem and its severity is bring speculated. However, numerous sources say a major bug is baked into Intel x86 and x64 hardware. The company is so worried about the risk of this vulnerability that it has been placed under embargo. Reports suggest the problem revolves around how processors manage kernel execution. Any program that needs to execute a command or perform any task, it is up to the kernel to take control. This is achieved by the processor passing the system control to the kernel. To make these processes smooth, the kernel burrows itself into the virtual memory address spaces of all processes, even when the processor takes back control. The way this function works potentially leaves the system wide open. Kernels remain in virtual memory and could possibly be accessed by exploits found in modern web browsers. Malicious database programs or JavaScript could effectively corrupt a system. There are conflicting reports about whether this affects the newest Intel CPUs, but it probably doesn’t. That’s because newer processors have been enabled with Process-Context Identifiers (PCID), which remove performance strains of the Kernel Page Table Isolation (PTI) workaround. PTI places the kernel in a dedicated address space, making it unavailable to running processes. However, the PTI workaround could come at an expensive performance cost. It increases the performance overhead for executing a process significantly because the kernel is not already running and ready to go. Current tests on Linux show an 18% degradation in CPU execute speeds for IO-intensive tasks. This seems to be a no-win situation, especially for services that rely on heavy computing at fast performance. Cloud providers will be impacted, but companies are being forced into patching to avoid the vulnerability. Intel is still embargoing the full details around this flaw. We guess the company still does not have a definitive fix and is keeping the details secret until it does. The chipmaker says more information will come at the end of this month.
New Processor Vulnerability
While Intel’s newest chips are possibly exempt from the latest security flaw, the company announced last November its latest CPUs are vulnerable. The company discovered a vulnerability in the firmware of its Management Engine, Server Platform Services, and Trusted Execution Engine. In a security advisory, the company says an array of its processor ranges and products are left vulnerable. Among the major Intel products affected at 6th, 7th, and 8th generation Intel Core processors. The company’s Xeon processors, Atom processors, Apollo Lake, and Celeron processors are also included. In its advisory, Intel says the firmware versions of 11.0, 11.5, 11.7, 11.10, and 11.20 are compromised. Server Platform Engine firmware version 4.0, and Trusted Execution Engine version 3.0 are also impacted. Intel later issued a patch to fix the vulnerability.
