The first week of the brand-new year has not yet been completed, in addition to very soon a massive vulnerability will be going to hit hundreds of millions of Windows, Linux, in addition to Mac users worldwide.
According to a blog post published yesterday, the core team of Linux kernel development has prepared a critical kernel update without releasing much information about the vulnerability.
Multiple researchers on Twitter have confirmed in which Intel processors (x86-64) have a severe hardware-level issue in which could allow attackers to access protected kernel memory, which primarily includes information like passwords, login keys, in addition to files cached via disk.
The security patch implements kernel page-table isolation (KPTI) to move the kernel into an entirely separate address space in addition to keeps in which protected in addition to inaccessible via running programs in addition to userspace, which requires an update at the operating system level.
“The purpose of the series will be conceptually simple: to prevent a variety of attacks by unmapping as much of the Linux kernel via the process page table while the process will be running in user space, greatly hindering attempts to identify kernel virtual address ranges via unprivileged userspace code,” writes Python Sweetness.
in which will be noteworthy in which installing the update will hit your system speed negatively in addition to could bring down CPUs performance by 5 percent to 30 percent, “depending on the task in addition to processor product.”
“With the page table splitting patches merged, in which becomes necessary for the kernel to flush these caches every time the kernel begins executing, in addition to every time user code resumes executing.”
AMD processors are not affected by the vulnerability due to security protections in which the company has in place, said Tom Lendacky, a member of the Linux OS group at AMD.
“AMD processors are not subject to the types of attacks in which the kernel page table isolation feature protects against,” the company said.
“The AMD microarchitecture does not allow memory references, including speculative references, in which access higher privileged data when running in a lesser privileged mode when in which access would certainly result in a page fault.”
The Linux patch in which will be being released for ALL x86 processors also includes AMD processors, which has also been considered insecure by the Linux mainline kernel, although AMD recommends specifically not to enable the patch for Linux.
Microsoft will be likely to fix the issue for its Windows operating system in an upcoming Patch Tuesday, in addition to Apple will be also likely working on a patch to address the vulnerability.