The impact of recently discovered security flaws inside computing chipsets is reverberating around the technology space and is sure to overhang news coming out of next week’s CES in Las Vegas. Those flaws are known as Meltdown and Spectre.
A number of cloud providers have already moved on the exposed bugs, implementing fixes designed to minimize their impact.
Others have come out to discuss the wide-ranging impact from the flaws. Apple, for instance, said the flaws impact all “modern processors and affect nearly all computing devices and operating systems,” though the company was not aware of any current exploits.
Meltdown and Spectre
The flaws were originally found last year by Google researchers. The company’s Project Zero team found the flaws impact CPU architectures used by AMD, ARM, and Intel; other computing devices; and operating systems, including those based on Linux.
The flaws in general take advantage of CPUs that use speculative execution to improve performance. This can allow an attacker to access memory data, including passwords, encryption keys, and other information open in applications that are stored on memory.
Specifically, Meltdown can allow an attacker to read kernel memory. Apple noted this flaw had the most potential for exploitation within its ecosystem.
Spectre involves a pair of flaws that can allow access to kernel memory available to applications running on a system.
Intel wrote in a statement that it was working with partners to roll out updates designed to shore up the flaws. The company explained that by the end of the week it expects to have issued updates for more than 90 percent of processor products introduced over the past five years.
Reports indicate that the updates could slow down the overall processing capabilities of the impacted chipsets by up to 30 percent. However, Intel downplayed the impact. “While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing, and improvement of the software updates should mitigate that impact,” the company noted.
Reports have also surfaced that Intel CEO Brian Krzanich sold more than $39 million of Intel stock last November after the company had been notified of the CPU flaws. Those stock sales netted Krzanich approximately $25 million.
Linus Torvalds, who was one of the creators of Linux and a fellow at the Linux Foundation, had harsh words for Intel.
“I think somebody inside of Intel needs to really take a long hard look at their CPUs and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed,” he wrote, adding that “maybe we should start looking towards the ARM64 people more.”
However, it should be noted that Google found the flaws also impact some ARM architectures.
The Linux Foundation itself has so far not issued a statement on the flaws, nor has it responded to a request for comment by press time.
Intel’s stock price has vacillated since the flaws were announced. It was trading at $46.85 per share prior to the reports, before dropping to as low as $42.69 per share. The company’s stock was trading near $45 per share early Friday.
AMD was touted as being in a position to take advantage of the news, though it has also seen a fluctuation in its stock price. It was trading at around $11 per share prior to the reports, before rising to as high as $12.43 per share. AMD stock was trading at $11.79 per share early Friday.
In its statement, Google said an industry-wide disclosure on the bug was originally scheduled for Jan. 9, which is the first day of the tech-heavy CES show. Chip and computing companies typically have the largest presence at the annual event.