Massive CPU Security Flaws Revealed


#1

Update:

Google Project Zero has spilled the beans. There are two huge security flaws that are dependent on the speculative execution functions found in many modern processors. Basically, attackers can attack it to read the kernel memory, which is extremely bad, as they can then get passwords, encryption keys, everything. And contrary to the early speculation, these flaws are not just Intel-only. ARM and AMD have issues, too.


Okay, going to rewrite this to clear up any initial misunderstanding.

Recently, people have noticed that a pretty major and unannounced change to the way Linux handles virtual memory. Even more puzzling is that there’s been no communication about this whatsoever. This is the kind of massive change that would be announced well in advanced, debated, and then slowly implemented in the past. Instead, it appears to to have been executed in two months, and in secret.

Other people started digging and discovered that Microsoft has also done a sudden and big rewrite of the way Windows handles virtual memory, and MS started rolling out the change to Insiders in November. Two months.

Coupled with even more digging, and it all points to a massive flaw in Intel CPUs that exposes the kernel memory, which is very, very, very bad. This does not appear to be a flaw that can be fixed in microcode/firmware updates, which means it has to be fixed at the OS level, which means that there’s going to be a performance hit. As to how large? It’s unknown until the details and fixes are released.


#2

#3

Five years ago it would be no big deal, but today that would be nothing less than catastrophic.


#4

#5

It looks like all intel CPUs are affected, but those with PCID have much less performance impact from the fix. As to severity, this bug allows you to read kernel memory from the userspace. Straight-up. It’s as bad as it gets.

The impact completely depends on workload but numbers I’ve seen going around are <1% on CPUs with PCID (meaning Broadwell or later) and ~5% on other Intel CPUs. But you can devise a workload where the impact is 0% or up to a whopping 50%. Depends on the number of syscalls you make.

Note AMD CPUs are not affected at all.

And in completely coincidental news,


#6

Ugh, of course i’m one generation behind the curve of course. So much for my dreams of running my own cloud computing service off my desktop.


#7

It’s not just VMs. It’s possible that someone could write JavaScript code that could read the contents of the kernel memory. All you need is to visit a malicious web page.

There’s a reason why the Linux devs have done a secret crash rewrite of a system that they’d normally discuss openly for months before even touching.


#8

I’m searching through
http://www.cpu-world.com/cgi-bin/CPUID.pl

And it seems like PCID (Process context identifiers) is present back to Sandy Bridge, e.g. 2500K. So performance penalty seems mitigated for almost anything modern in the past 6-7 years if that’s true.


#9

It sounds like it still depends on workload, otherwise some of the reports of big performance hits wouldn’t be happening.


#10

Hmm, this could be a problem, if the perf hits are big for non-virtualization loads.


#11

I think the VM angle is because that’s where most big business computing is today, either locally hosted or in the public cloud. A user-level PC getting a 30% processor slowdown isn’t even going to be noticeable for most PC workloads. A big cloud provider such as Azure or AWS suddenly losing 30% of their capacity is going to be a nightmare. Both for the cloud provider and all their clients.


#12

VMs hit the CPU a lot, and they also run tons of untrusted code. If you’re sharing a machine with someone else, you have no idea what they’re running. This is a massive liability all of a sudden. You could see a ton of compliance guys losing their shit this week.


#13

It depends on the number of syscalls, with du supposedly slowed down by a whopping 50%. This is all still just rumor and hearsay, we won’t know the real deal until the embargo lifts.

This is absolutely not limited to the enterprise or VMs. You will need to patch your windows desktop too. Not a huge deal, expect a 1-5% overall slowdown, but not exactly welcome news either.


#14

Makes sense given the description of the problem, since file handling operations is pretty much the only thing du is doing (enumerating file sizes).


#15

But the marketing guys can still make lemonade out of lemons.

“Intel Cannon Lake! Now up to 50% faster than our previous generation!”


#16

I’ll need to be able to disable this fix when I run benchmarks and play Quake 3.


#17

I don’t think you can. The fix is to for the OS to keep two separate memory tables, so that way no application can read kernel space.


#18

Yeah, man, I think he may have been attempting to make a joke there, man. Like, a topical quack3.exe joke.


#19

He should have said crysis instead. That’s much funnier.


#20

Hmm, wouldn’t that stock sale constitute insider trading?