Intel has been hit with a processor design flaw that impacts CPUs used in Windows, Linux and some macOS systems. The flaw is linked to Intel’s kernel virtual memory system, which could allow an attacker to access sensitive kernel-protected data, including passwords and login keys, according to a developer blogging at Python Sweetness.
According to the developer, this kind of attack on Intel chips could be far-reaching, impacting not only Intel endpoint computers, but also cloud computing environments like Microsoft Azure and Google Compute Engine.
In a statement issued on Wednesday, Intel said it “believes these exploits do not have the potential to corrupt, modify or delete data.” The company added, “Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”
A complete analysis of the attack is being withheld pending an embargo. However, some details describing how the attack method impacts the Linux kernel have been disclosed. It is expected that Microsoft and other companies impacted will release full technical details of the flaw at the end of the month.
The Python Sweetness post goes against cybersecurity research protocol, in which security researchers first disclose information about a vulnerability to the companies concerned and then write about it publicly.
In Intel’s statement, it made clear its annoyance that normal protocol hadn’t been followed: “Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.”
Fixing these types of processor attacks requires significant labour and an overhaul of the virtual memory systems of the Linux and NT kernels. The companies concerned are working on patches, and have issued previous patches. In the Python Sweetness post, the developer said patches could impact Intel CPU performance by five to 30 percent depending on the workload.
The developer wrote, “In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine.”
The risk is not thought to be critical for laptops and desktop clients; however, for virtual machines, where the kernel keeps multiple users and programs separate, the risks are considered far higher. The attack method allows the attacker to predict where data and code are stored and positioned in memory by the kernel, allowing the adversary to launch malicious software, steal data, listen in on network traffic and even manipulate hardware.