Major Security Flaw in Intel Processors Discovered; Fix Causes Them to Slow

A serious design flaw reportedly present in all Intel’s CPUs made in the last 10 years could leave devices vulnerable to hackers, requiring an operating system (OS) update in order to fix it.

According to a new report from The Register, the security hole appears to be a design flaw that essentially allows commonly used programs to essentially read or discern the contents and layout of a computer’s protected kernel memory areas.

Given kernel memory is dedicated to the core components and interactions of an operating system with its hardware, the flaw could be exploited by a malicious program to expose secured information such as passwords, and effectively compromise a targeted machine or indeed server network.

Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data,” wrote The Register.

Linux programmers are currently working on a fix (but comments on the source code for said fix have been redacted) while Microsoft expects to publicly roll out the changes to the Windows operating system during the course of a Patch Tuesday (when the company releases its regular security patches).

As well as Linux and Windows, Macs may also be affected, but there is little information in the public sphere as of yet about the specifics of an update from Apple at time of writing.

AMD has said that its processors are not affected by this bug and there will be no performance hit on OS running on its systems. “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against,” said AMD. “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”

The impact of such a slowdown has yet to be properly assessed. It may not affect everyday PC and laptop users, but in data centres with servers running Intel chips where every second of performance counts, the effects could be more significant.