PCR Tech and IT retail, distribution and vendor news
Intel is scrambling to fix a major security flaw that exists in almost every one of its processors manufactured over the last decade. The major security flaw – first reported by the Register – could be exploited in severe attacks if it isn’t fixed quickly enough. To make things worse, patching the flaw could significantly hamper the performance of CPUs. And to add insult to injury, staff at AMD are using the vulnerability as a way of pushing their own processors.
While exact details of the flaw remain under embargo (so that Intel can patch it), the vulnerability reportedly could allow normal user programs to see some of the content of protected kernel memory areas. Basically what this means is that any malicious programs might be able to read information like passwords, login keys, files cached from disk, and other personal data records.
The problem allegedly lies with the x86-64 hardware and therefore cannot be fixed by the usual means of putting out a microcode update. Instead Intel will have to come up with an OS-level fix for affected operating systems including Windows, Linux and macOS. The initial solution will separate the kernel’s memory from user processes, which sure up the vulnerability, however it could also slow systems down by up to 30 per cent depending on the processor model. For everyday users, it’s possible the patches won’t have much of an impact on everyday usage and gaming frame rates. Additionally, future fixes should have less of an effect on performance.
Not wanting to miss out on a chance to benefit from its rivals downfall, AMD is already using the Intel vulnerability as a way of promoting its own processors which are not affected due to ‘extra security protections’. “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against,” wrote Thomas Lendacky, a member of the Linux OS group at AMD. “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”
