This is the most recent CPU-level vulnerability discovered in Intels silicon.
Both of those issues were resolved or, perhaps more accurately, mitigated with software tweaks and microcode patches.
BitDefender says this recently-discovered issue can be resolved at least, partially with microcode patches.
40% off TNW Conference!
To conclusively protect against this attack, customers would have to replace their Intel silicon with a redesigned chip.
Lord of the Rings
First, a bit of background.
Most modern CPUs segment permissions in so-called rings.
On Intel CPUs there are four rings, with the higher-numbered rings havingleastamount of access to the underlying system.
Ring 0 is called kernel mode.
This is primarily used by the operating systems most fundamental, low-level functions.
For stability and security reasons, access to kernel mode is carefully restricted.
Everything you use, from Microsoft Word to Google Chrome, sits on this layer.
to get to interact with the computers hardware, user mode applications must go through several intermediaries.
This isnt an abstract concept.
Its a security system thats the product of careful thought from highly skilled electrical engineers and computer scientists.
It is directly implemented on the chipset level.
I highly recommend you check it out.
He does the topic justice in a way that I cannot.)
The ring system also makes it possible for multi-tenant computing to exist.
Thats crucial, especially if my site will process credit card transactions, or hold customer data.
And thats absolutely petrifying when you consider the direction the hosting industry has taken over the past decade.
Therefore, any vulnerability that undermines the cloud computing industry could throw the digital economy into chaos.
Oh dear.
TNW reached out to Intel for comment.
A representative, speaking over email, directed us to the companysadvisoriesanddocumentationfor the issue.
The company has also offered specific guidance to software developers, which you’re free to readhereandhere.
Google pointed us to its security bulletin, whichlists affected services, along with best steps for consumers.
it’s possible for you to read this below.
In parallel, the Xen security team have released Xen Security Advisory 297.
Should we hear back from Heroku, well update this post.
Update 18:15 added links to Amazon and Googles security bulletins.
Update 19:13 Added Amazon statement.
