Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign by John Leyden and Chris Williams.
From the post:
…
It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas. The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
…
Think of the kernel as God sitting on a cloud, looking down on Earth. It’s there, and no normal being can see it, yet they can pray to it.
…
Patches are forthcoming, to make your Intel machine 5% to 30% slower.
Cloud providers are upgrading but there’s a decade of Intel chips not in the cloud that await exploitation.
Show of hands. How many of you will slow your machines down by 5% to 30% to defeat this bug?
Next question: How long will it take to cycle out of service the most recent decade of Intel chips?
You’ll have to make your own sticker for your laptop/desktop/server:
BTW, for FUCKWIT and another deep chip flaw, see: Researchers Discover Two Major Flaws in the World’s Computers.
These fundamental flaws should alter your cybersecurity conversations. But will they?