Vulnerability in the Intel CPU: affected by Windows and Linux, closing the vulnerability will lead to a performance drop of up to 30%

Intel has admitted a very serious vulnerability in its CPUs, and it can not be fixed by updating the microcode. Vulnerability affects all Intel processors in the last ten years at least. 

Closing the vulnerability requires updating the OS, patches for Linux are already out, Microsoft plans to close it in the traditional monthly "Tuesday patches." At the moment the details of the vulnerability are not disclosed, but some details still came out thanks to Python Sweetness and The Register.

Vulnerability allows programs to gain unauthorized access to certain data in a protected area of ​​the kernel memory. This can be prevented by inserting Kernel Page Table Isolation, which will make the kernel invisible to the current processes. This is not an ideal solution, but future patches for Windows, Linux and macOS will use this approach. 

However, such a solution can seriously impact performance. The drop in productivity due to insulation can reach 30 percent. Fortunately, the latest models of Intel processors with PCID technology (process context identifiers) may help reduce the performance drop, although it did not escape at all.

Vulnerability can be exploited in real conditions; In the first place, companies that use virtualization can be hit. 

While the details of the patches are not disclosed, and for obvious reasons Intel prefers to remain silent, we can only wait until we can fully appreciate the seriousness of the problem and the threat it poses to existing computer platforms. But at the moment it all looks very serious.