A major security vulnerability affecting all Intel chips released in the past decade has apparently been discovered, and since the chips can’t be updated, developers are getting ready to push out software solutions. The good news is that Microsoft is getting ready to push out a major software update to users, and Linux developers have baked a fix into Linux kernel 4.15.
The bad news is that these fixes are expected to make Intel-powered desktops, laptops, and servers about 5 to 30 percent slower when performing some tasks.
Update: Intel has issued a brief statement on the matter, with more details likely coming next week. The long and short of it is that the company acknowledges an exploit has been discovered and that it’s working with software and hardware companies on a solution, but Intel tries to downplay the severity of the issue (and suggests that not only Intel products are affected).
Update 2: Yup, it’s not just Intel. AMD and ARM chips are also affected by some, but not necessarily all, of the vulnerabilities that affect Intel chips. Google’s Project Zero discovered the vulnerabilities, code-named Spectre and Meltdown, and has laid out the details in a blog post.
Intel hasn’t officially disclosed the details of the vulnerability yet, and while Linux kernel development is happening out in the open, some of the details of the vulnerability have been redacted to prevent it from being exploited before a patch is in place.
But The Register has pieced together many relevant details, and the long and short of it is that the vulnerability seems to allow software running on a PC to access protected kernel memory without appropriate permission.
The kernel is the core of an operating system, and it handles how the OS interacts with the CPU, memory, and other hardware. Because it’s such an important component of the operating system, it has a special, protected area of memory called “kernel space” that’s separate from “user space,” which is what you mostly use when you’re running programs on a PC.
Since this is a chip-level vulnerability, software developers have had to implement a pretty big workaround by completely changing the location of the kernel. Unfortunately, that means it will take longer to complete some tasks.
You can find more details about why the security patch will slow down computers at Python Sweetness and The Register, but some folks are predicting Intel-powered computers could take a performance hit of between 5 and 30 percent. Some technologies added to recent Intel processors could help mitigate that, so it’s possible that chips released in the past few years won’t be affected as much as older models. And not all activities are likely to be slower after the software updates roll out.
Phoronix has already run some benchmarks on systems using the new Linux 4.15 kernel, and finds little change in video gaming performance, video transcoding or Linux kernel compilation tasks, but a big slow-down in PostgreSQL and Redis performance.
We could see a major impact on performance of servers, with Amazon, Microsoft, and Google set to roll out security updates soon.
While we already know that Microsoft and Linux developers are working on patches, it’s likely that Apple will also issue its own update soon, since the company’s desktop and notebook computers also use Intel processors.
Update: It turns out Apple is already on the case. Part of the fix was included in macOS 10.13.2, which was released last month, and the upcoming macOS 10.13.3 should take care of most security issues caused by the vulnerability.
Interestingly, it looks like an upcoming Linux kernel update will also separate the kernel and user spaces for 64-bit ARM processors, suggesting it may not just be Intel chips that are affected by the vulnerability.
AMD notes that its chips aren’t affected by the same vulnerability, which could be very, very good news for the company now that it’s got a line of Ryzen processors that are within striking distance of their Intel counterparts when it comes to pre-patch performance. It’ll be interesting to see how Ryzen-powered laptops and desktops compare to Intel-powered machines after the security updates are fully rolled out.
For now, Phoronix notes, it looks like Linux kernel 4.15 still treats AMD chips as if they were vulnerable though, so it may be a while before everything shakes out.
It’ll also be interesting to see how long it takes Intel to release new processors that aren’t affected by the vulnerability. Since the company still hasn’t issued any official statements on the matter, it’s unclear how long the company has known about the problem, how much work it will take to design it out of future products, and whether that work will delay the launch of any chips on the company’s current roadmap.