A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.
Similar operating systems, such as Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can’t address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.
Details of the vulnerability within Intel’s silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft’s Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue. However, some details of the flaw have surfaced, and so this is what we know.
In 2017, Google’s Project Zero team in collaboration with researchers at a number of different universities identified an absolutely massive problem with speculative execution, one of the techniques employed in modern microprocessors as a way of improving performance. Essentially, when a processor uses speculative execution, instead of performing tasks strictly sequentially, it predicts which calculations it might need to do subsequently. It then solves them in advance and in parallel fashion.
The result is that the CPU wastes some cycles performing unnecessary calculations, but performs chains of commands much faster than if it waited to process them one after the other. However, there’s a serious flaw in the way modern processors are hardcoded to use speculative execution—they don’t check permissions correctly and leak information about speculative commands that don’t end up being run.
As a result, user programs can possibly steal glimpses at protected parts of the kernel memory. That’s memory dedicated to the most essential core components of an operating system and their interactions with system hardware, and it’s supposed to be isolated from user processes at all times to prevent such glimpses from happening. Everything from passwords to stored files could be compromised as a result.
According to a release by the Graz University of Technology, the researchers have identified three potential attack methods, Meltdown and two closely-related vulnerabilities collectively named Spectre. Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
There’s no way to truly fix Meltdown or Spectre on the hardware level. It can’t be fixed with a microcode update. But researchers can rewrite OSes and other platforms to work around the error by severing kernel memory entirely from user processes with a method called Kernel Page Table Isolation. Since this is a hardware bug, everything running on affected processors is vulnerable including every major OS (Windows, Linux, and macOS), some mobile devices, and cloud computing providers.
Companies are rushing to patch platforms. Per Axios, Microsoft has already patched Windows 10 and will release patches for Windows 7 and 8, Amazon Elastic Compute Cloud is already mostly secured, AMD is still investigating, and ARM is still working on how to address the issue. Apple did not respond to Axios’ request for comment, though security researcher Alex Ionescu tweeted it already released an initial fix for its desktop-based macOS in December 2017’s 10.13.2.