Massive Intel CPU Bug Leaves Kernel Vulnerable, Slows Performance Report
Intel’s CPU security took some whacks a few months ago, with well-publicized problems with the Intel Management Engine. If rumors are to be believed, 2018 could kick off an even worse year for the company. There’s growing speculation that there’s a major bug in Intel CPUs that requires a wholesale change in how Linux, Windows, and macOS map page tables, with the apparent goal of preventing Intel x86 CPUs from disclosing the layout of the kernel address space to an attacker. A similar patch is in the works for ARM systems as well; AMD CPUs are (as of this writing) not affected by this issue.
Here’s what we know so far: An initial article at LWN.Net lays out a new set of patches for the Linux kernel that began in late October and have continued through the present day. These efforts focus on implementing kernel page-table isolation, or KPTI, which splits page tables (currently shared between kernel space and user space) into two sets of data, one for each side. Microsoft is apparently prepping its own fix and is expected to launch it in the not-too-distant future.
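For an administrator, the practical question once the KPTI patches land is whether a given Linux host is actually running with page-table isolation enabled. The following is an added example, not code from the article or from the kernel project. It assumes the reporting interfaces later Linux kernels expose for this issue (the `/sys/devices/system/cpu/vulnerabilities/meltdown` file, the `pti` entry in the `flags` line of `/proc/cpuinfo`, and the `cpu_meltdown` entry in its `bugs` line); the sample file contents embedded below are constructed for the demonstration.

```python
"""Classify a Linux host's KPTI / Meltdown mitigation status from the kernel's
own reporting files.

Added example; not from the article. Assumed interfaces (present in later kernels):
  /sys/devices/system/cpu/vulnerabilities/meltdown  -> "Mitigation: PTI",
                                                       "Vulnerable" or "Not affected"
  /proc/cpuinfo  -> "flags" line contains "pti" when KPTI is active,
                    "bugs" line contains "cpu_meltdown" when the CPU is affected
"""
from pathlib import Path
from typing import Optional

MELTDOWN_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")
CPUINFO = Path("/proc/cpuinfo")

# Constructed sample /proc/cpuinfo excerpts (not captured from real machines).
SAMPLE_CPUINFO_PTI = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep nx lm pti\n"
    "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n"
)
SAMPLE_CPUINFO_NOPTI = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep nx lm\n"
    "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n"
)
SAMPLE_CPUINFO_UNAFFECTED = (
    "processor\t: 0\n"
    "vendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep nx lm\n"
    "bugs\t\t: spectre_v1 spectre_v2\n"
)
# An older kernel reports neither a "bugs" line nor the "pti" flag.
SAMPLE_CPUINFO_OLD_KERNEL = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep nx lm\n"
)


def parse_cpuinfo(text: str) -> dict:
    """Return the 'flags' and 'bugs' entries of the first processor block as sets."""
    info = {"flags": set(), "bugs": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if sep and key in info and not info[key]:
            info[key] = set(value.split())
    return info


def assess(sysfs_text: Optional[str], cpuinfo_text: str) -> dict:
    """Combine the sysfs verdict (authoritative when present) with cpuinfo hints.

    Returns a dict with a one-word 'verdict' plus the raw evidence, so the
    caller can log why a host was classified the way it was.
    """
    info = parse_cpuinfo(cpuinfo_text)
    pti_active = "pti" in info["flags"]
    cpu_affected = "cpu_meltdown" in info["bugs"]
    status = (sysfs_text or "").strip()

    if status.startswith("Not affected"):
        verdict = "not affected"
    elif status.startswith("Mitigation"):
        verdict = "mitigated"
    elif status.startswith("Vulnerable"):
        verdict = "vulnerable"
    elif pti_active:            # kernel with KPTI backported but no sysfs file
        verdict = "mitigated"
    elif cpu_affected:          # kernel knows the CPU is affected but PTI is off
        verdict = "vulnerable"
    else:                       # kernel predates any reporting: cannot tell
        verdict = "unknown"

    return {
        "verdict": verdict,
        "sysfs": status or None,
        "pti_flag": pti_active,
        "cpu_meltdown_bug": cpu_affected,
    }


def assess_host() -> dict:
    """Read the live files on this machine (Linux only)."""
    sysfs = MELTDOWN_SYSFS.read_text() if MELTDOWN_SYSFS.exists() else None
    return assess(sysfs, CPUINFO.read_text())


if __name__ == "__main__":
    print(assess_host())
```

The sysfs file is treated as authoritative because it reflects the kernel's own decision (including a deliberate `nopti` boot option, which shows up as "Vulnerable"); the `pti` flag and `cpu_meltdown` bug entry serve only as fallbacks for kernels that carry a backported mitigation without the sysfs reporting. A host that yields "unknown" is running a kernel too old to know about the issue and should be treated as unpatched.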
We don’t know yet how attackers exploit the hardware bug in Intel and, apparently, ARM CPUs. All we know is that it’s apparently possible to discern the contents of protected kernel memory by leveraging this bug. There may be some conceptual similarities to Rowhammer, the DDR memory attack technique that we’ve discussed before, in how this attack is carried out. Rowhammer can be used to change the data stored in certain memory locations by “hammering” adjacent rows of DRAM until the electrical charge in the target cells flips.
Image by PythonSweetness