Hey guys and gals,
Just found this article about how the Linux team discovered a vulnerability in almost all Intel CPUs. Both Windows and Linux are rolling out an update that will decrease all Intel CPUs' performance by at least 17%, if not up to 25%. Unsure what the macOS timeline is. It has to do with being able to inject code from mundane places by exploiting the speculative instruction feature, which attempts to guess what instructions will be coming next in the pipeline, to gain access to kernel memory. There is no security check when this happens, apparently, and it seems like a pretty big deal, as the problem appears not to be fixable in hardware at all: Intel says the issue cannot be fixed with a microcode update.
EDIT: This is one of my favorite lines:
At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka F UCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
EDIT2: The scale of this is immense; it looks like half the world's computers might have this vulnerability. They literally have to update the entire Azure, AWS, and GCE clouds because of this.
EDIT3: This can be used to cause a virtual machine to bypass the hypervisor mode of the CPU and gain access to the kernel mode of the host machine!!! OMG this is a very very bad vulnerability.
EDIT4: I also see reports that some older Intel CPUs may take a performance hit of 30% or more.
EDIT5: The performance hit depends on the IPC of the CPU, the presence of the PCID feature, and the number of instructions supported by the CPU, since the more instructions there are, the more the speculative instruction feature includes exceptions/undocumented instructions that can be exploited.
EDIT6: For reference, IPC for specific CPU models.
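Since EDIT5 ties the size of the performance hit to whether the CPU has PCID, here is a small added check script (my own example, not from the post or the linked article) that a Linux admin can run to see which side of that line a host falls on. It assumes a Linux box with the usual /proc/cpuinfo flags line and, on kernels that ship the fix, the sysfs file /sys/devices/system/cpu/vulnerabilities/meltdown that reports what mitigation the kernel applied; when that file is absent it simply reports "unknown" rather than guessing. The sample cpuinfo it writes is constructed for the stand-alone run.

```shell
#!/bin/sh
# Added example (not the original post's or the article's code): report whether
# a Linux host exposes the PCID/INVPCID CPU flags, which make the kernel
# page-table switch (KPTI) much cheaper, and what the kernel itself says about
# its Meltdown mitigation. Assumes Linux /proc/cpuinfo and, on fixed kernels,
# the sysfs file /sys/devices/system/cpu/vulnerabilities/meltdown.

# has_cpu_flag FLAG [CPUINFO_FILE]: succeed if FLAG appears in the flags line.
has_cpu_flag() {
    flag=$1
    file=${2:-/proc/cpuinfo}
    [ -r "$file" ] || return 2
    grep '^flags' "$file" | head -n1 | tr ' ' '\n' | grep -qx "$flag"
}

# meltdown_status [SYSFS_FILE]: print the kernel's mitigation string, or
# "unknown" when the file does not exist (older kernel or non-Linux host).
meltdown_status() {
    file=${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    if [ -r "$file" ]; then
        cat "$file"
    else
        echo unknown
    fi
}

# kpti_cost_hint [CPUINFO_FILE]: classify the expected KPTI overhead class
# from the CPU flags; prints one of: pcid, nopcid, unknown.
kpti_cost_hint() {
    file=${1:-/proc/cpuinfo}
    [ -r "$file" ] || { echo unknown; return; }
    if has_cpu_flag pcid "$file" && has_cpu_flag invpcid "$file"; then
        echo pcid
    else
        echo nopcid
    fi
}

# Constructed sample cpuinfo (not a real machine) so the script demonstrates
# itself even where /proc/cpuinfo is unavailable.
sample=$(mktemp)
printf 'processor\t: 0\nmodel name\t: constructed sample CPU\nflags\t\t: fpu vme sse2 pcid invpcid\n' > "$sample"

main() {
    echo "constructed sample: $(kpti_cost_hint "$sample")"
    echo "this host:          $(kpti_cost_hint /proc/cpuinfo)"
    echo "kernel meltdown:    $(meltdown_status)"
}
main
rm -f "$sample"
```

A host reporting "nopcid" is the case the post's EDIT4 is warning about: the kernel still isolates its page tables, but every user/kernel transition costs a full TLB flush, so the slowdown is at the high end of the quoted range. "Mitigation: PTI" from the sysfs file confirms the kernel-side fix is actually active, which is the thing to verify after the update lands rather than trusting the package version.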