Welcome Stranger to OCC!Login | Register

Significant Security Flaw Found Impacting Intel CPUs and Possibly AMD and ARM Chips Too

Category: Operating Systems
Posted: 04:22PM

This news is still pretty fresh and has been evolving, which is why there are six linked sources below. It has recently become public knowledge that a rather serious security flaw exists at least with Intel CPUs, but possible also AMD and ARM chips as well. The flaw can allow kernel memory information to be leaked to the user-space, which could allow, for example, one virtual machine to read the memory of the host or any other VM it is running. Clearly this is not good, but a solution is being developed for the open source Linux kernel. The Windows and macOS kernels also need to be patched, but the changes to these are not public. What makes this specific security issue even more interesting than what the flaw could allow attackers to do is the impact the solution, Page Table Isolation (PTI), will have at least on Intel CPUs. This is also where things start to get a bit more complicated.

The issue appears to stem from how a specific optimization method works, called speculative execution. As the name suggests, it has the CPU speculate what will need to be done next, so it will run a task before being asked to, removing or reducing delay. The flaw allows this to be abused to access memory that should not be accessible, as mentioned above. The PTI solution being developed for the Linux kernel is a software solution that will isolate the memory addresses, preventing this from being possible and is actually not a bad feature for kernels to have. Now we get to where it becomes a bit more complicated, as some are reporting Intel CPUs can see as much as a 30% performance decrease, resulting from this fix. What about AMD CPUs? This is the complicated part because while some are saying all modern CPUs are impacted by the issue, AMD has stated it is immune. The way its CPUs work already prevents speculative execution from accessing memory references it should not have access to. This means the PTI solution is unnecessary for AMD CPUs, so while using PTI can slow down AMD as much as Intel chips, it is not necessary on AMD systems. (The patch in the Linux kernel to not enable PTI on AMD CPUs might come after the PTI solution, but a nopti flag can be used to disable it regardless.) Some sources, including Google, which claims to have found the issue last year, and Intel are saying AMD and ARM CPUs are impacted by the flaw, so there are conflicting reports on this and only when the issue is completely revealed will we know for sure.

A 30% drop in performance is significant, but it is important to note this is not an across the board performance hit. Phoronix, which specializes in Linux coverage, is keenly pointing out this impact is felt most with I/O workloads, system calls, and other kernel interactions, which virtual machines will do a lot of, but something like gaming is unaffected. Phoronix also makes the point that the performance drop will be felt more with a system using fast NVMe drives than with traditional HDD storage, as the HDD storage may already be a bottleneck in the system.

As I stated earlier, this is still a developing story, but with such a significant potential performance impact, it has caught a lot of attention. It will take some more time and investigation for the whole story to be revealed, including if AMD is impacted, and how Microsoft and Apple will address the issue in their OS kernels.

Source: Google Security Blog, Linux Kernal Mailing List, Phoronix [1], [2], [3], and Python Sweetness

Register as a member to subscribe comments.
Guest_Jim_* on January 04, 2018 03:09

I post this, go to dinner, come back, and find a lot more information has dropped. Haven't the time to write a whole new item on it, so some quick bits here:

The papers on the flaws are out now and can be found here: MeltdownAttack.com. Three variants exist, with two being called Spectre and one called Meltdown.

While Meltdown and Spectre are related, there are specific differences between them and Meltdown is, according to the researchers, Intel-exclusive. The PTI software fix being worked on will cover for Meltdown, but this is actually an "inadvertent" side effect. This software solution was apparently being developed to address a different issue and just happens to cover Meltdown.

Meltdown might be Intel only, but Spectre impacts basically all CPUs for decades; Intel, AMD, and ARM can be hit by it. This is because of how it can exploit hardware-level performance optimizations. While sounds like it means only a new hardware cycle can fix it (meaning it will remain for years), supposedly software fixes are coming. It is possible these software patches will not 'fix' the issue, but block the attacks while the underlying vulnerability will remain.

There are two variants of Spectre that Google found and studied and AMD identifies the first as being one software patches (applications and OS) can resolve with negligible performance impact. The second AMD states has a "near zero risk of exploitation" due to architectural differences, and an AMD vulnerability has not been demonstrated to date.

I am also seeing some people claiming there are malicious and non-malicious variants to Spectre, with AMD only being vulnerable to the non-malicious variant while being immune to the malicious. (Intel is supposedly vulnerable to all variants.) I have also seen some statements that Spectre is harder to exploit, which is good. The statement in the Spectre research is also a little odd concerning AMD, stating the researchers verified "the attack's applicability" while they "empirically verified the vulnerability" on multiple Intel CPUs, but then maybe that goes to the potential for non-malicious Spectre variants. (Maybe a Spectre attack is possible but is without teeth on AMD, making it applicable but not vulnerable?)


I don't have the time currently, and probably not the technical expertise to read and appropriately understand all of the research, but it looks like this is not a good day for computer security, but specifically for Intel it is a bad day. AMD on the other hand is not having a bad day because it is either immune, has "near zero vulnerability," or will be covered by patches, along with Intel, that software companies have no doubt been working on since they first learned of this. Not saying AMD is having a good day (though its stock did go up 5.19% during the day and higher in after hours, while Intel's dropped 3.39% during the day) but Intel is unquestionably being hit harder by this while AMD might be able to just look and move forward, for now at least.

This topic is going to be in the news for several days I think, as more information comes out, more tests are completed, rumors spread, are challenged, and upheld or dispelled.

© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.1788268089   (xlweb1)