A vulnerability in Intel processors can slow down a PC by 5-30%.
Technology companies have small gaps, there are large, and there are huge: it is reported that almost all Intel processors released in the last decade, have serious security holes. As a result, as expected, the regular user programs from database applications and ending with the javascript code in the web browsers can get up to a certain extent the access to the data structure of the protected areas of memory belonging to the kernel of the operating system.
In fact, modern Intel processors include a design error that could allow the malware to read a protected area of kernel memory (the RAM area that is allocated to the most important core operating system components and their interaction with the system hardware). This disadvantage can potentially access protected information such as passwords. Because the error introduced at the hardware level 64-bit Intel chips, it requires repair at a basic level in each of the popular operating system including Windows, Linux and macOS.
Detailed information about the error in the design of crystals and how vulnerable users are, at present, the specialists kept secret, but since the developers are working on software patches to roll up our sleeves, wanting to release updates in the coming weeks, it seems, is a very serious matter. In the worst expected scenario, something as simple and common as javascript or cloud-based malware running via a web browser, unable to access some of the most sensitive internal functions of computers based on Intel chips.
Since the patch will entail a complete separation of kernel memory and user processes, the “fixed” operating systems could potentially lead to a significant drop in the performance of your PC — from 5% to 30 %, depending on the specific task and processor model. The publication the Register explains:
“These corrections KPTI [Kernel Page Table Isolation] is transferred to the OS kernel in a completely separate address space, so it is not just imperceptible to the running process, it is not in the same address space. Under normal conditions such measures are absolutely required, but the problem lies in the hardware architecture of the Intel chips and otherwise allows some way to bypass the security access to the OS kernel.
But the problem of this division of memory is that is quite expensive to keep switching between two separate address spaces for each system call, and for each hardware interrupt. These context switches do not occur instantly, and they cause the CPU to upload the cached data and re-load the information from memory. This increases the cost of resources for the work of the kernel and reduces the performance of Intel-based computers”.
From 5 to 30 percent — a monstrous projected performance drop, but due to the problem of secrecy at the present time it is difficult to say how noticeable the reality will be the impact of the patches on the work of ordinary users. The greatest damage may be incurred such large-scale systems, such as data centers. For example, in PostgreSQL, the fix KPTI brings a performance degradation in the best case 17 %, and in the worst — 23 %. For the average user, maybe the patch will bring minimal problems. In addition, in future it is possible the emergence of more effective ways to solve hardware problems.
Python Sweetness blog, recently wrote: “the Urgent development of a software patch is in the open and the recently released Linux kernel, similar innovations were added to the NT kernel in November. In the worst cases, the correction resulted in very significant slowdowns of some typical tasks. There is reason to believe that the vulnerability significantly affects common virtualization environments, including Amazon EC2 and Google Compute Engine”.
As you can see, the vulnerability can be so severe and deep that they are unable to identify the most sophisticated experts in the field of safety for decades. However, after the discovery of such a hole in millions of systems can take advantage of a very wide range of cyber criminals. At least a small fraction of the owners of the systems based on the AMD experience in this case is not about the architecture of these chips is resilient to such types of attacks.
© 2018 – 2019, paradox. All rights reserved.
