A major hardware flaw appears to have been discovered in Intel CPUs, and bypassing this bug can drastically impact performance. Patching the Intel CPU bug is purported to cause a performance hit of 30-35% on Intel CPUs, while all AMD CPUs are unaffected.
The bug itself could potentially have devastating consequences. It opens up possible security vulnerabilities in Intel CPUs, including large cloud providers and web hosts. The hardware bug causes an Intel CPU to prefetch system memory areas and gain control of any application, in theory allowing for a VM on shared hosting to read and write over another VM. Breaking out of the confines of virtual machines hosted at cloud providers could prove hugely damaging.
According to numerous sources, the security bug is currently embargoed, with Intel trying to keep a lid on it lest it is exploited for an attack. The bug was allegedly unearthed by developers working on the Linux kernel, with several major kernel patches dropping over the festive period quickly drawing attention. Patches typically take months of development and discussion before they’re pushed out, but here we have multiple patches being pushed in double quick time. The theory is that these patches are being released to prevent the security vulnerability in Intel processors.
Thanks to these kernel updates, there is a workaround for Linux users. Kernel Page-Table Isolation (PTI) restricts processes so they can only access their own memory area, blocking any potential read or writes and effectively shutting down the flaw. The downside is that PTI affects low-level features, and performance can be affected anywhere from 5-50 percent. According to Brad Spengler, from GR Security, an Intel Core i7-6700 will take a 29% performance hit while an Intel Core i7-3770S will run 34% slower.
If you’re a Windows user, the fix might take a little longer. Microsoft is currently working on its own isolation feature like PTI, although it may be a while until it’s available.
As for AMD CPU owners - worry not! This hardware bug will have zero impact whatsoever on AMD hardware as they are protected against these types of attack. “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privilege mode when that access would result in a page fault,” says AMD’s Tom Lendacky. “The X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI is set, disables the AMD processors by not setting the X86_BUG_CPU_INSECURE feature.”
It's also come to our attention, and this may be totally unrelated but it's enough to set alarm bells ringing, that Intel CEO Brian Krzanich sold shares in the tech giant worth $11 million in December. In order to be Intel CEO, Krzanich must have a minimum number of 250,000 shares in Intel. Earlier in the month, Krzanich had 495,743 shares, and after two transactions he brought his total number of shares down to a quarter of a million. Or - the bare minimum required. Considering Intel's own market estimates suggest he stands to make millions of dollars in profit for these shares in the next two to three years, it seems curious he would offload them en masse now. There's a suspicion those at Intel knew more then than we do now, and perhaps Team Blue's long-term prospects aren't as positive as we'd be led to believe.
Should this all be true, this could have major repercussions for Intel. As it’s hardware related there could be very little Intel can do other than take the performance hit, and this really wouldn’t compare favourably to AMD. What are your thoughts on the matter?
And big thanks to Myrmiron for bringing this to my attention!