A so-called bug initially ascribed solely to Intel CPUs is actually a pair of exploits that, taken together, impact many of the CPUs being used in PCs, mobile devices, and data centers. The bugs now have names, specifically, Meltdown, which affects Intel processors, and Spectre, which is more widespread and affects CPUs from Intel, AMD, and ARM.
As Windows Central now reports, Intel has issued a statement indicating that the issue is not specifically a bug in Intel CPUs but rather an exploit that can be applied to all systems, including those with ARM and AMD processors.
“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” Intel said in a statement. “Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”
The issue is related to how programs access memory, specifically information that should only be accessible to the operating system kernel that maintains the highest level of privileges. The exploits are ones where malicious programs can access the protected kernel memory space and “see” information that should be locked away.
The full details, which are not yet available, are quite technical and relate to how a CPU moves in and out of protected kernel mode. The Google blog outlines the issue, which was discovered by Google’s Project Zero team in 2017. The result is what matters: Keeping the kernel in virtual memory makes the process as fast as possible. If the CPU doesn’t have to dump and then reload the kernel, then it can achieve faster performance. Unfortunately, it also makes kernel contents vulnerable to being accessed by nefarious programs.
The fix for Meltdown, as The Guardian outlines, has to be implemented by the operating system in a process labeled Kernel Page Table Isolation (KPTI), which puts the kernel in an area of protected memory space that cannot be accessed by other programs. That creates extra processing steps — dumping and then reloading kernel data — that can slow things down, although according to Intel, the impact is limited to specific workflows and typical users will not notice much impact. Machines using Intel’s Skylake or later CPUs will see less of an impact than older systems. Spectre will take longer to resolve but is also much more difficult to exploit.
All operating systems will need to implement some form of KPTI in order to work around the bug and improve security. According to the Verge, Microsoft has already issued an emergency patch, which it apparently had been testing in earlier Windows Insider builds, to address the issue. Google has also provided a fix in the latest Android security updates, which so far have primarily rolled out to Google’s Nexus and Pixel smartphones, and more generally, ARM has provided patches to companies using its processors. Linux and macOS will also need to be updated, meaning this is an equal-opportunity bug, although AMD has stated that there is “near zero risk to AMD products at this time.”
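On Linux, the kernel itself reports whether the fixes described above are active. The following is an added example, not code from the article or from any vendor; it assumes a Linux kernel that exposes the `/sys/devices/system/cpu/vulnerabilities` status files (Linux 4.15 and later), and the function names are illustrative.

```python
"""Report the Linux kernel's own Meltdown/Spectre mitigation status (added example)."""
import os

# Directory where the kernel publishes one status file per issue (assumed present).
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
# Kernel file names for the issues discussed in the article.
ISSUES = {"meltdown": "Meltdown", "spectre_v1": "Spectre variant 1",
          "spectre_v2": "Spectre variant 2"}


def classify(status):
    """Map a kernel status line to not_affected / mitigated / vulnerable / unknown."""
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def kpti_enabled(meltdown_status):
    """True when the Meltdown line names page table isolation (PTI) as the mitigation."""
    text = meltdown_status.strip()
    return classify(text) == "mitigated" and "PTI" in text.split(":", 1)[1]


def report(base_dir=SYSFS_DIR):
    """Return {file_name: (raw_line or None, verdict)} for each issue."""
    result = {}
    for name in ISSUES:
        try:
            path = os.path.join(base_dir, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                raw = fh.read().strip()
            result[name] = (raw, classify(raw))
        except OSError:
            # Missing file: the kernel predates this interface, or this is not Linux.
            result[name] = (None, "unknown")
    return result


if __name__ == "__main__":
    for name, (raw, verdict) in report().items():
        print(f"{ISSUES[name]:<18} {verdict:<13} {raw or 'status file not present'}")
```

An "unknown" verdict means the kernel gave no answer, which on an older kernel is itself a reason to update.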
As always, you’ll want to keep your system updated no matter its OS or CPU. As it turns out, this story isn’t about one manufacturer’s problems but apparently more about the industry’s rapid response to a widespread issue.
Updated to reflect recent statements by Intel and Microsoft saying the issue is not a bug specific to one line of CPUs but rather an exploit that affects all systems, and to add updated information on the two exploits.
Published at Thu, 04 Jan 2018 17:41:37 +0000