The flaw reportedly is in the kernel that controls the chip performance, allowing commonly used programs to access the contents and layout of a computer’s protected kernel memory areas. The Linux kernel community, Microsoft and Apple have been working on patches to their operating systems to prevent the vulnerability.
A design flaw in all Intel chips produced in the last decade is responsible for a vulnerability that puts Linux, Windows and macOS-powered computers at risk, according to multiple press reports.
The Linux vulnerability was discovered in part through discussions in the Linux development forums referencing drastic overhauls in how the OS handles kernel memory.
Intel on Wednesday characterized the reports as incorrect, maintaining in an online post that the problem is not due to a bug or flaw, and that it is not unique to Intel products.
The flaw is OS independent, so the impact is far more reaching than just Linux, including Windows, macOS, virtual and cloud environments,” said Chris Morales, head of security analytics at Vectra.
Fixing the problem entails making major changes at the operating system level. Current Linux patches involve separating the kernel’s memory from the user processes.
The flaw in the Intel chip involves the process used to ensure users do not have access to the kernel, Morales told LinuxInsider. That process has a bug that allows a user to execute code to read and access kernel level memory access.
It exposes critical information that would be stored there, like system passwords, he said, noting that a proof of concept that exploits the flaw already has been seen in the wild.