EXECUTIVE SUMMARY:

A defect on the Intel x86 microprocessor chip that has been in production during the past 10 years reportedly causes concern for potential cybersecurity issues. Worse, the fix for the bug slows down performance.

The flaw opens access to the layout or contents of protected kernel memory areas. John Leyden and Chris Williams from The Register report, “At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs. At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory.”

Most operating systems are affected by the defect, including Windows, OS, and Linux. While details of the vulnerability have not yet been fully disclosed, the problem lies with the Intel x86-64 hardware. According to Leyden and Williams, it cannot be patched with microcode. Instead, they say, “It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.”

The software patch is estimated to slow down system performance by up to 30 percent. Putting this in perspective, Dave Altavilla from Forbes writes, “In data centers, this is a double-edged sword of both security and performance concerns that could result in significant expenditures in man-hour resources to patch systems and potentially affect critical available CPU resources as well.”

Read the full story at The Register.