Wednesday, October 30, 2024

Intel responds to the CPU kernel bug, downplaying its impact on home users

January 4, 2018 by  
Filed under Choosing Lingerie

During a conference call Wednesday afternoon, Intel shed more light on the CPU kernel vulnerability, now being referred to as a “side channel analysis exploit”. Expect to see patches roll out to address the flaw over the next several weeks, executives said, though the performance impact of a patch still remains at a frustrating level somewhere between 0 and 30 percent, with “average” PC users expected to see little impact.

The company, whose products had been a focus of an initial report from The Register, said that both ARM and AMD had been notified of the vulnerability, as well as several operating system vendors. The flaw was first discovered by Google’s Project Zero security team, according to Intel, which the company confirmed.

Intel said that it would issue its own microcode updates to address the issue, but over time some of these fixes would be rolled into hardware. At press time, Microsoft declined to comment on how it would proceed, though it is expected to release its own patches soon. Google, too, issued its own report on which of its products could be affected: these include Chrome and Android phones, though the latter will depend on how quickly phone makers roll out updates. 

What this means: At this point, we know that major chip and operating system vendors are aware of the problem and working to release fixes. The first should probably arrive as part of Microsoft’s Patch Tuesday, or earlier. What’s unclear is how many different types of software and CPU architectures the patches will affect, and the amount of performance (if any) that PCs will suffer as a result. It’s a very complicated issue, so we’ve created an Intel CPU kernel bug FAQ that breaks down all the info we know in clear, easy-to-read language to help you wrap your head around it.

What is a side-channel analysis exploit?

According to Intel, the exploit is a way for an attacker to observe the content of privileged memory, exploiting a CPU technique called speculative execution to circumvent expected privilege levels. That can give an attacker access to data it normally wouldn’t, though Intel has said that the data won’t be deleted or modified.

In fact, Intel and the researchers identified three variants, known as a “bounds check bypass,” “branch target injection,” and a “rogue data load,” all of which used slightly different methods of attack. In each case, operating-system updates mitigated the problem.

Steve Smith, one of the engineering leads at Intel who reported the company’s findings, added that no attacks using the vulnerability has been discovered in the wild. He also denied reports that the vulnerability was a flaw, or that it was specific to Intel. “The processor is in fact operating as we designed it,” Smith told investors during the conference call.

The discovery led to hardware makers around the world responding to the vulnerability in a “responsible manner,” Smith said. 

Featured Products

Comments are closed.