Intel “Kernel Memory Vulnerability” is going to hit all of us
I first read about the problem in an article in The Reg yesterday from John Leyden and Chris Williams:
A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug… Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December…
[The security hole] would allow ring-3-level user code to read ring-0-level kernel data. And that is not good.
That was news to me, but we had a topic here on AskWoody started by @BillC just a few hours later. (I just discovered that I can’t put those comments under this post, so I’ve sealed off the original Code Red thread, and urge you to comment on this topic by clicking Comment on the AskWoody Lounge above.)
It’s all vaguely reminiscent of the Intel Management Engine bug from 2016-2017.
Lots of reasons to be concerned, but there’s no immediate problem — and no known exploit. Suffice it to say that everyone running an Intel 64-bit chip will likely get hit. Apparently the Linux fix goes after AMD chips, too, although I don’t see any information about whether that’s due to a problem with AMD, or an overly zealous implementation in various Linux distros.
Intel has the story under embargo, but I would expect we’ll get official notices shortly.
Worth noting: Intel’s CEO Brian Krzanich sold $39 million worth of INTC stock on November 29. Just a coincidence, I’m sure. (Catalin Cimpanu has since withdrawn his tweet, saying “It’s not that bad. It was a legal sale in the eyes of the SEC.”)
UPDATE: Alex Ionescu – “Windows 17035 Kernel ASLR/VA Isolation In Practice (like Linux KAISER). First screenshot shows how NtCreateFile is not mapped in the kernel region of the user CR3. Second screenshot shows how a ‘shadow’ kernel trap handler, is (has to be).” (Win10 17035 is the Nov 8 IoT beta build.) Thx @teroalhonen
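For the Linux side of the KAISER/KPTI isolation described above, here is an added defender-side check (my example, not code from the post or from Ionescu). It reads the kernel’s own report, which later kernels expose at /sys/devices/system/cpu/vulnerabilities/meltdown, and falls back to the "pti" CPU flag in /proc/cpuinfo; the ROOT argument is an assumption that lets the function run against a constructed directory tree instead of the live host.

```shell
#!/bin/sh
# Report whether kernel page-table isolation (KPTI/KAISER) is active.
# Added example, not from the original post. Assumes a Linux kernel that
# exposes the sysfs "vulnerabilities" directory or the "pti" cpuinfo flag.
# ROOT (default "/") is a hypothetical argument so the check can be pointed
# at a constructed tree for testing.

meltdown_status() {
    root="${1:-/}"
    sysfs="$root/sys/devices/system/cpu/vulnerabilities/meltdown"
    cpuinfo="$root/proc/cpuinfo"

    if [ -r "$sysfs" ]; then
        # Kernel reports "Not affected", "Vulnerable" or "Mitigation: PTI".
        status=$(cat "$sysfs")
        case "$status" in
            "Mitigation: PTI") echo "mitigated" ;;
            "Not affected")    echo "not-affected" ;;
            Vulnerable*)       echo "vulnerable" ;;
            *)                 echo "unknown:$status" ;;
        esac
        return 0
    fi

    # Kernels carrying the KPTI backport but lacking the sysfs entry still
    # advertise "pti" among the CPU flags once isolation is enabled.
    if [ -r "$cpuinfo" ] && \
       grep -qE '^flags[[:space:]]*:.*[[:space:]]pti([[:space:]]|$)' "$cpuinfo"; then
        echo "mitigated"
    else
        echo "unknown"
    fi
}

# Stand-alone use: print the status of the running host (or of ROOT).
meltdown_status "$@"
```

A result of "unknown" means the kernel gives no report at all, which on a pre-patch kernel is exactly the case to treat as unmitigated.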
UPDATE: Hal Berenson: “Putting 2+2 together, my guess is you can see the fix in action here” pointing to this Amazon Web Services page
Immediately following the reboot my server running on this instance started to suffer from cpu stress.
We’re entering uncharted territory…
UPDATE: Kevin Beaumont:
https://twitter.com/GossiTheDog/status/948597924778430464
UPDATE: Worthwhile details emerging, especially about the AMD fallout, on Reddit.
UPDATE: There’s a report of Proof of Concept code from @brainsmoke.
Bingo! #kpti #intelbug pic.twitter.com/Dml9g8oywk
— Erik Bosman @brainsmoke@mastodon.social (@brainsmoke) January 3, 2018
UPDATE: Ryan Shrout
Still have to wait to see what happens to Windows platforms of course. But it appears that many consumer workloads may be unaffected.
— Ryan Shrout (@ryanshrout) January 3, 2018
UPDATE: Intel (with stock down about 4% today, as of this moment), says that the security hole extends to other processors. Jordan Novet at CNBC has more from Intel’s point of view.