Linux and Windows Developers Patch Major CPU Vulnerability

Linux and Windows developers are urgently rewriting parts of their kernels due to a serious design flaw in Intel processors released over the past decade. This vulnerability also affects ARM64 chips.

The vulnerability allows attackers to access confidential data from kernel memory. Details about the hardware issue are being withheld until patches are released, which are expected to arrive in the middle of this month with the regular security bulletins. Researcher Brainsmoke has already presented a proof-of-concept exploit capable of reading protected kernel memory from an unprivileged process.

How the Vulnerability Works

The issue lies in speculative execution: Intel chips do not properly apply security checks to instructions that read memory segments when executing them speculatively. As a result, any application can potentially access kernel memory and read sensitive information such as encryption keys and passwords. This vulnerability is especially dangerous for virtualization systems, as it could allow an attacker to access memory outside the guest system.

Temporary Solution and Performance Impact

As a temporary fix, developers have completely separated kernel memory from user-space memory. However, this requires constant switching of memory pointers, which significantly reduces program performance. On Intel-based computers, this workaround can decrease software performance by 5-30%, and even up to 63% for certain tasks. On machines with newer processors, the performance drop is less noticeable thanks to PCID/ASID technologies.
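
An added example, not part of the original article: a shell check of whether this kernel/user memory separation is active on an x86 Linux host and whether PCID is available to soften its cost. It assumes the status file that Linux kernels carrying the fix expose at `/sys/devices/system/cpu/vulnerabilities/meltdown` and the `pti` and `pcid` flags in `/proc/cpuinfo`; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the article): report whether kernel/user page-table
# isolation is active on an x86 Linux host and whether PCID softens its cost.
# Assumes the kernel's sysfs "meltdown" status file and /proc/cpuinfo flag names.

# has_flag FILE FLAG: succeed if FLAG is on the first "flags" line of FILE.
# Flags are compared as whole words, so "invpcid" does not count as "pcid".
has_flag() {
    awk -F: -v want="$2" '
        $1 ~ /^flags[ \t]*$/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == want) found = 1
            exit
        }
        END { exit !found }' "$1" 2>/dev/null
}

# isolation_status [CPUINFO] [SYSFS_FILE]: print not-affected, vulnerable,
# isolated-pcid, isolated-no-pcid or unknown.
isolation_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    sysfs=${2:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    state=unknown
    if [ -r "$sysfs" ]; then
        case $(cat "$sysfs") in
            "Not affected"*) state=not-affected ;;
            Vulnerable*)     state=vulnerable ;;
            Mitigation*)     state=isolated ;;
        esac
    elif has_flag "$cpuinfo" pti; then
        state=isolated          # fallback when the sysfs file is unreadable
    fi
    if [ "$state" = isolated ]; then
        if has_flag "$cpuinfo" pcid; then state=isolated-pcid
        else state=isolated-no-pcid; fi
    fi
    echo "$state"
}

# Constructed sample inputs (not captured from a real machine).
demo=$(mktemp -d)
printf 'flags\t\t: fpu vme pcid sse4_2 pti\n' > "$demo/cpu_pcid"
printf 'flags\t\t: fpu vme sse4_2 pti\n'      > "$demo/cpu_nopcid"
printf 'Mitigation: PTI\n'                    > "$demo/sys_pti"
printf 'Vulnerable\n'                         > "$demo/sys_vuln"

echo "this host:      $(isolation_status)"
echo "sample (pcid):  $(isolation_status "$demo/cpu_pcid" "$demo/sys_pti")"
```

A result of `isolated-no-pcid` marks the hosts where the larger performance drops described above are most likely, so those are the ones to benchmark before and after patching.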

Impact Beyond Intel

According to an official Intel press release, the vulnerability affects not only Intel processors but also chips and devices from other manufacturers.
