
Intel Chip Flaw Causes Major Operating System Redesigns

It was discovered yesterday that a "fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug," according to an article by John Leyden and Chris Williams of The Register. The flaw resides in the way the chip controls the passing of information from the protected kernel memory areas to user programs (like Word, Excel, and even JavaScript running in your web browser). Since this is a hardware issue, all major operating systems (Windows, Linux, and macOS) are redesigning their software to mitigate the vulnerability. Details of the vulnerability from Intel are currently not being released amid security concerns, but we do know that any fix or change to the way the software interacts with the Intel CPU will cause a performance slow-down (potentially up to 30%).

The Kernel Page Table Isolation Fix

The fix, which will reportedly impact performance, is to isolate the kernel's memory from user processes using "Kernel Page Table Isolation" (KPTI). The kernel is the piece of software at the core of every operating system. It has full control of the machine and translates software requests into data-processing instructions for the CPU. The kernel's code is normally loaded into a protected area of memory that prevents apps from overwriting or changing it. These tasks take place in what is referred to as "kernel space", whereas everything the user does happens in "user space". This isolation prevents user data and kernel data from interfering with each other.

Basically, when a program needs to perform some privileged action, it hands control of the processor to the kernel to accomplish it. Switching between kernel space and user space takes time, so to make it faster, software developers have made the kernel present in the virtual memory address space of every process. When the app requires the kernel, the processor switches to kernel mode and then reverts to user mode when the work is complete, so it can re-enter the process that originally made the request. Even after the CPU jumps back into user space, the kernel's code and data remain mapped in the process's page tables. This is the root of the flaw: Intel's chips are somehow allowing the access protections on those kernel mappings to be bypassed.

The KPTI patches move the kernel into a completely separate 'space', removing the kernel from the virtual memory address spaces of these processes. This is why developers are stating that the fix for Intel's hardware flaw will cause performance hits. The time it takes to switch from user space to kernel space and back again will negatively impact performance, but it means that kernel code isn't left visible, and therefore vulnerable. These address space changes also require the CPU to flush its cache and reload information from memory. This results in a slower PC because processes take longer to, well… process.
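As an added example (not part of the original article), here is a short POSIX shell check that reports whether KPTI is active on a Linux host. It assumes the kernel exposes its Meltdown status at /sys/devices/system/cpu/vulnerabilities/meltdown (Linux 4.15 and later, plus distribution backports) and advertises a "pti" flag in /proc/cpuinfo once isolation is enabled; both paths are parameters so the same function can be run against captured copies from other machines.

```shell
#!/bin/sh
# Report whether Kernel Page Table Isolation (KPTI) is active on a Linux host.
# Sources, in order of preference:
#   1. the kernel's sysfs Meltdown status file (Linux 4.15+ and backports)
#   2. the "pti" CPU flag in /proc/cpuinfo, set when isolation is enabled
# Both paths are parameters so the check can be run on captured copies.

kpti_status() {
    vuln_file="${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}"
    cpuinfo_file="${2:-/proc/cpuinfo}"

    if [ -r "$vuln_file" ]; then
        case "$(cat "$vuln_file")" in
            "Not affected"*)    echo "not-affected";  return 0 ;;
            "Mitigation: PTI"*) echo "mitigated-pti"; return 0 ;;
            Vulnerable*)        echo "vulnerable";    return 0 ;;
        esac
    fi

    # Fallback for kernels without the sysfs file: look for a standalone
    # "pti" token on a flags line (not "ptiX" or similar).
    if [ -r "$cpuinfo_file" ] &&
       grep -qE '^flags[[:space:]]*:.*[[:space:]]pti([[:space:]]|$)' "$cpuinfo_file"; then
        echo "mitigated-pti"
    else
        echo "unknown"
    fi
}

# Stand-alone use: check the running host with the default paths.
echo "KPTI status: $(kpti_status)"
```

Anything other than "not-affected" or "mitigated-pti" on an Intel host is worth following up, since it means the kernel still maps itself into every process's page tables.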

While AMD processors are not subject to this issue, AMD may have hinted at the root cause in its statement yesterday:

"AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."

The Impact of The Intel Processor Flaw

Since the kernel's memory contains all the secrets the PC uses to operate (passwords, login keys, cached files from disk, etc.), this flaw means that malicious software could potentially read sensitive kernel-protected data. It would also allow malware to further exploit a targeted PC by learning where the kernel code is executing from and injecting into or modifying its execution.

The fix would impact cloud hosting environments the most (AWS, Amazon, and all the major cloud players), and the reduced performance is further compounded by their shared server environments.
