Winter definitely seems to be the season of discontent for Intel. Last year, they were dealing with defective Atom CPUs bricking devices. At the time it was a pretty serious situation; Cisco had to issue warnings to customers as well as recalls and buybacks. Now the company is dealing with a new CPU defect that might make last year seem like halcyon days.
This newly discovered flaw is really serious. Essentially, there are instances when Intel’s speculative execution doesn’t separate the OS kernel from userspace applications, which can give read access to memory in other virtual machines. This would essentially break down the basic security of a virtualized environment. I won’t pretend to understand the details, but Bob Plankers and The Register have nice write-ups (incidentally “Bob Plankers and The Register” is my Mike and the Mechanics cover band).
So is this like the VMware exploit from Pwn2Own that allowed for a VM escape, but was easily patched? Not remotely, because the fixes to the virtual memory subsystem that are rolling out are showing substantial performance impacts. Initial tests show anywhere from a 5-30% drop in performance. It really puts organizations between a rock and a hard place. Do you patch and risk not being able to meet SLAs and application requirements? Or do you not patch and be liable for gross negligence? For legal purposes, the answer is obviously the former. But I won’t be surprised if we aren’t hearing security implications from this for years to come.
Oh, and if you find any drool puddles around in the next few months, it’s probably AMD salivating at how they are going to market this.
Bob Plankers comments: