Intel Chip Flaw Forces OS Changes

Wednesday, January 3, 2018 @ 11:01 AM gHale


A flaw in Intel’s processor chips will force a major redesign of the Linux and Windows kernels to fix the security vulnerability.

To date, the open-source Linux kernel’s virtual memory system is going under the knife as programmers are looking at how to fix it.

RELATED STORIES
ICS Alert: USB Malware Attack
Safety System, DCS Attacked
Advancing to IIoT Means Back to Security Basics
Cyber Adds to Downtime Costs: ARC-SANS

At the same time, Microsoft will issue changes to its Windows operating system in an upcoming Patch Tuesday.

As a result of the fixes, the updates will mean a performance hit of up to 30 percent.

While everything is still new, and the effects are still undergoing tests, there could be a five to 30 percent slow down, depending on the task and the processor model. The newest Intel chips have features like PCID which could reduce the performance hit.

Similar operating systems, such as Apple’s 64-bit macOS, will also end up updated as the flaw is in the Intel x86-64 hardware. The flaw will have to be fixed in software at the OS level, or via a new processor that does not have the vulnerability built in.

Intel officials were not immediately available for comment.

The bug is present in modern Intel processors produced in the past decade, according to a published report. It allows normal user programs from database applications to JavaScript in web browsers to discern to some extent the layout or contents of protected kernel memory areas.

The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI.

Whenever a running program needs to do something like write to a file or open a network connection it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes’ virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel’s code and data remains out of sight but present in the process’s page tables.

These KPTI patches move the kernel into a separate address space, so it’s not just invisible to a running process, it’s not even there at all, according to the published report.

The vulnerability could end up exploited toleverage other security bugs.

At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory. Suffice to say, this is not great. The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys or files cached from disk.

It is possible the bug could be abused to defeat kernel address space layout randomization (KASLR). This is a defense mechanism used by various operating systems to place components of the kernel in randomized locations in virtual memory.



Leave a Reply

You must be logged in to post a comment.