Intel is grappling with another major security flaw in its processors… and this time, the cost of fixing it may be very steep. Researchers have discovered a design vulnerability in Intel CPUs over the past decade that covers the ability of ordinary programs to determine the content or layout of protected kernel memory (i.e. areas reserved just for the operating system). While the details appear to be under embargo for now, the fix is to completely separate the kernel memory from those ordinary processes. That could carry a significant speed hit, since it requires switching between two memory address spaces every time there’s a system call or a hardware interrupt request.
How much of a slowdown you see depends on the processor and the task in question. The biggest blows are expected to come to virtualization systems like Amazon’s EC2 or Google Compute Engine. The Register claims the performance hits could range from 5 percent to 30 percent, but there’s evidence to suggest steeper hits might be possible. Whether or not this affects everyday tasks like gaming or web browsing is another matter, though — there has yet to be comprehensive testing.
As it’s a chip-level flaw, the bug affects virtually every operating system, including Linux, macOS and Windows. Software fixes are known to be in the works for at least Linux and Windows, but a true solution that maintains performance will require changes at the CPU level. Notably, though, AMD reports that its processors aren’t affected due to key differences in memory handling.
Intel has so far declined to comment. However, to call this ill-timed would be an understatement. After years of maintaining a fairly secure performance lead, it’s facing stiff competition from AMD’s Ryzen and Epyc processors. The last thing it needs is a security hole that not only requires design tweaks, but could slow down virtually all the chips it sells once patches are in place.Engadget