Serious design flaw detected in Intel Processors; patches may hit performance by upto 30%
Intel has screwed up real big this time. A major chip-level bug which can adversely impact data security has been discovered in Intel CPUs. The real bad news is that the bug is supposedly present on all modern processors manufactured in the last ten years and cannot be addressed with a microcode update from Intel. The bug requires an OS level update which means all systems running Windows, Linux or Mac are going to be affected. There's some good news for AMD users though, as the bug is not present on processors designed by AMD.
Although the minute details of the flaw have not been released, what is known to us at this point is that the bug allows certain everyday user programs like web browsers(through malicious javascript code) and database applications to access restricted areas of the Kernel memory, let alone malicious programs. This could be a potential threat to data security as sensitive information of active users such as usernames and passwords, which are present in the hidden kernel memory can be hijacked.
The bug has forced major operating system developers to get into action and release security updates as early as possible. Linux has already released updates for closing the security hole in the chips. Microsoft is said to be working on the patch which it will release next Tuesday.
The bug present on the CPU's allows for unauthorized access to the Kernel memory as stated above. The fix for this is to implement a Kernel Page Table Isolation(PTI) which will move the entire Kernel to different address space, making it invisible to running processes. Experts believe that PTI is not required in normal scenarios but Intel's hardware flaw allows circumvention of the protection mechanisms for kernel access thereby making it necessary. The fix will have a major impact on the performance of the system as the processor will need to jump to two different addresses for each system call, making it a very time-consuming process.
It is believed that system performance will be severely affected, with some reports suggesting a drop of up to 30 percent, which is not something desirable. Latest Intel processors with PCID (Process-Context Identifiers) enabled, may, however, be somewhat less affected. If a better workaround is not found by Intel, the bug may cause huge financial losses to big organizations and data centers. Linux #-Link-Snipped-# have even started reporting performance drops of 17-18% in benchmark results after applying patches. The picture below clearly shows the performance loss in Linux systems.
Benchmark results before and after applying patches (Credits: Phoronix)
AMD has however ruled out the presence of any such bug in their processors. AMD informed that its microarchitecture does not allow memory or speculative references which access higher privileged data while running in a lesser privileged mode. If such an access is requested, a page fault occurs. To wrap it up, Intel has certainly made a very large mistake which is sure to hit the brand's image as a reliable chip maker.
Source: #-Link-Snipped-# | #-Link-Snipped-#
The bug has forced major operating system developers to get into action and release security updates as early as possible. Linux has already released updates for closing the security hole in the chips. Microsoft is said to be working on the patch which it will release next Tuesday.
The bug present on the CPU's allows for unauthorized access to the Kernel memory as stated above. The fix for this is to implement a Kernel Page Table Isolation(PTI) which will move the entire Kernel to different address space, making it invisible to running processes. Experts believe that PTI is not required in normal scenarios but Intel's hardware flaw allows circumvention of the protection mechanisms for kernel access thereby making it necessary. The fix will have a major impact on the performance of the system as the processor will need to jump to two different addresses for each system call, making it a very time-consuming process.
It is believed that system performance will be severely affected, with some reports suggesting a drop of up to 30 percent, which is not something desirable. Latest Intel processors with PCID (Process-Context Identifiers) enabled, may, however, be somewhat less affected. If a better workaround is not found by Intel, the bug may cause huge financial losses to big organizations and data centers. Linux #-Link-Snipped-# have even started reporting performance drops of 17-18% in benchmark results after applying patches. The picture below clearly shows the performance loss in Linux systems.
Benchmark results before and after applying patches (Credits: Phoronix)AMD has however ruled out the presence of any such bug in their processors. AMD informed that its microarchitecture does not allow memory or speculative references which access higher privileged data while running in a lesser privileged mode. If such an access is requested, a page fault occurs. To wrap it up, Intel has certainly made a very large mistake which is sure to hit the brand's image as a reliable chip maker.
Source: #-Link-Snipped-# | #-Link-Snipped-#
Replies
You are reading an archived discussion.
Related Posts
Samsung is gearing up to wow audiences at CES 2018. In this run-up we have seen what its Creative Lab has to offer and now let’s have a closer look...
The Chinese smartphone company, Xiaomi will launch its much-awaited flagship smartphone, Mi-7 in the middle of this year. Since last month there have been rumors floating on the internet about...
Xiaomi's upcoming flagship killer - the 'Redmi Note 5' has again found its way to the internet. The much-awaited device which is the successor of India's one of the top-selling...
Are you looking to kick-start the new year 2018 with a brand new smartphone? Indian's leading online retailer Flipkart is here to help you do just that by hosting this...
Last year we had informed you that Microsoft had killed Kinect. Now once you have killed something, it is dead but what if it could be killed further. Microsoft, the...