The technology website Register reported that some Intel processors have a “fundamental design flaw” that will spur a significant security update of Linux and Microsoft Windows operating systems to work around it. It went on to say that AMD chips were not affected by this.
The three Vulnerabilities have been disclosed:
- CVE-2017-5715 (1 & 2 are collectively known as Spectre)
- CVE-2017-5754 (Meltdown)
All three vulnerabilities are variants of the same attack utilising different methods to exploit speculative execution of instructions.
The vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.
The report says “Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.”
And in regards to a performance hit it goes on to say “Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.”
According to the report the bug is present in modern Intel processors produced in the past 10 years.