Hello, welcome to the Thursday, January 4th, 2018 edition of the Sand Center, Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Lots of talk today about security vulnerability in Intel processors.

This vulnerability apparently affects all recently released Intel processors going back about 10 years.

Now the issue here is how kernel memory is isolated from regular user processes.

Now the problem here is that user processes do need to interact with the kernel regularly to, for example, access the network or file systems, and in order to help with that, the kernel's memory space is actually mapped into the process space of these individual user processes.

But the kernel of course holds a lot of confidential data like encryption keys and

the like.

So in order to prevent normal user processes from reading kernel memory, the processor is supposed

to keep the two apart by switching from user mode

and to kernel mode whenever it is needed.

And apparently something is going wrong with this switch in Intel processors.

There are not a lot of details known yet.

The details are still under embargo until all the patches have been released.

But that's sort of the big picture as it's known right now. Now patches are coming out for Windows

for Linux and other operating systems. The Windows patches should be released next week with Microsoft's

regular patch Tuesday. Now these patches aren't really patching the actual problem. The

actual problem in the processor apparently cannot be patched with firmware or software. Instead,

it would require new hardware. So what's being

released here is not so much a patch. It's really more a workaround. And what operating

systems have to do now is they have to separate kernel memory and user space memory again,

which removes the efficiencies that were gained by actually

...