【Intel全系CPU曝硬件缺陷 补丁自损30%性能】

【Intel全系CPU曝硬件缺陷 补丁自损30%性能】Intel处理器的一项设计BUG近日披露,涉及从数据中心应用程序到JavaScript支撑的Web浏览器,操作系统则有Windows、Linux、macOS等。短期内的解决方案可以通过系统更新弥补,应用内核页表隔离(PTI)隐藏内核内存地址,不过非常棘手的问题在于,这会强制CPU不断刷新其缓存,以保留其TLB或翻译旁视缓冲区,这些缓冲区实质上是允许CPU快速访问用户内存的缓存,所以这将会在某些情况下,削弱CPU 30~35%的性能。

Major security flaw found in Intel processors

Developers scramble to fix bug within chips made in the last decade that will affect millions of computers running Windows, macOS and Linux

Fixes for the Intel flaw should be available at the end of the week, but implementing them is expected to slow down computers.
Fixes for the Intel flaw should be available at the end of the week, but implementing them is expected to slow down computers. Photograph: Beawiharta/Reuters

Developers are currently scrambling behind the scenes to fix the significant security hole within the Intel chips, with patches already available within some versions of Linux and some testing versions of Windows, although the fixes are expected to significantly slow down computers.

The specific details of the flaw, which appears to affect virtually all Intel processors made in the last decade and therefore millions of computers running virtually any operating system, have not been made public.

But details of the fixes being developed point to issues involving the accessing of secure parts of a computer’s memory by regular programs. It is feared that the security flaw within the Intel processors could be used to access passwords, login details and other protected information on the computer.

“Modern operating systems rely upon Intel’s chips to provide some essential security services – but if a flaw has been found then the operating systems themselves will need to be updated to do the job that they believed Intel’s chips were doing properly,” said independent security expert Graham Cluley.

The fixes involve moving the memory used by the core of the computer’s operating system, known as the kernel, away from that used by normal programs. In that way, normal programs, including anything from javascript from a website to computer games, cannot be manipulated to exploit the hole and gain access to the protected kernel memory.

But implementing the fix is expected to significantly affect the performance of the computer, making some actions up to around 30% slower.

The UK’s National Cyber Security Centre (NCSC) said it was aware of the issue and that patches were being produced.

While normal computer users could see performance problems, the security flaw also affects cloud servers, with Amazon, Microsoft and Google all expected to have to fix the bug with similar performance-reducing patches.

The exact severity of the flaw has not yet been publicly disclosed, but the lengths being taken by the various operating system developers to fix something indicates that they view it as a serious problem that apparently cannot be patched with a small update.

“The good news is that it sounds as if this flaw has been known about (but kept quiet) for a couple of months. The bad news is that users will once again have to install a security update, and businesses are likely to have to restart thousands of computers to apply the fixes,” said Cluley.

More details are expected to be divulged as soon as the end of this week, along with fixes for operating systems.

Intel did not respond to request for comment.

原文链接:

https://www.theguardian.com/technology/2018/jan/03/major-security-flaw-found-intel-processors-computers-windows-mac-os-linux

 


Comments are closed.



无觅相关文章插件