Patch for critical Intel CPU flaw could slow PCs by up to 35%

Posted Jan 3, 2018 by James Walker
A "fundamental" flaw in the design of Intel processors could allow attackers to access kernel memory. Developers of the Linux and Windows kernels are scrambling to release patches but they might include significant performance penalties.
The issue is so serious that full details haven't yet been released. Public disclosure has been withheld to give operating system developers time to release patches to consumers. According to The Register, Microsoft will issue the necessary updates in an upcoming Patch Tuesday release. The Linux fix is also still in development. Apple's macOS will require an update too but the company hasn't yet commented on its plans.
Escaping the sandbox
The problem is created by a hardware bug in recent Intel CPUs that could allow an attacker to establish the contents of the kernel's memory. User applications such as your web browser would be able to inspect sensitive areas of memory used by your PC's operating system. An attacker might be able to identify cryptographic security keys or steal data from running programs, using a malicious website script.
Ordinarily, the operating system's kernel should restrict desktop programs from running sensitive operations. However, somewhere along the line, Intel's introduced a hardware flaw that's left the safeguards ineffectual. The result is that programs running on Intel platforms could end up with more kernel permissions than they're meant to be assigned.
To close the gaping security hole, developers on the Linux and Windows teams are having to introduce major changes to the way their kernels handle memory. New code is being added to wall off the kernel's system memory from user programs, keeping the two separate. Since this separation is supposed to be enforced by hardware, achieving it with software comes with a significant performance hit.
Software protection
Early Linux benchmarks by researchers aren't encouraging. Intel-powered PCs could become 5 percent slower overnight after the update is installed. In some scenarios, the penalty could be as high as 35 percent. General consumers might not notice though as applications that make kernel system calls will be impacted the most. People running demanding workloads, such as software compilation, are more likely to encounter meaningful slowdowns.
READ NEXT: Your phone's gyroscope could let hackers guess your PIN
The full impact of the bug remains unclear while work is ongoing to create the software patches. Intel hasn't publicly commented on the discovery, instead choosing to stay silent as researchers uncover more details. The company's stock fell by over 3.5% after information began to emerge. It has since recovered slightly.
Meanwhile, rival AMD has seen its stock surge by as much as 7.2% after confirming its x86 processors are not affected. The company is preparing to capitalise on a potential PR catastrophe for Intel as it's forced to slowdown existing computers. The flaw also affects Intel's server-side platforms and has caused major cloud providers to schedule maintenance periods. Amazon Web Services and Microsoft Azure have both confirmed they'll need to update their infrastructure.