Intel released a statement earlier today denying media reports that upcoming patches for a yet-to-be-disclosed security bug cause huge performance dips for devices using Intel CPUs.
The vulnerability —detailed in a previous Bleeping Computer article here— is said to be a security issue that impacts Intel processors mainly.
Details about this vulnerability are currently kept under wraps due to concerns of potential attacks that might try to exploit the bug.
Intel says other vendors are also affected
In its statement, Intel acknowledged the security issue for the first time but said that other vendors are also affected, and this is not an Intel-only issue.
Intel is right. The patches for the said security issue apply to CPUs from all vendors, not just Intel, and address general design issues in kernel memory management.
The confusion that only Intel is affected comes after an AMD engineer said that AMD processors are not affected by the vulnerability, even recommending that users disable the new security feature introduced in Linux kernels to address the flaw, fearing performance dips in AMD CPUs.
Intel says performance dip is not significant
While Intel acknowledged the security issue, the company's execs have a bone to pick with all the news stories that put a focus on "performance dips" in Intel CPUs.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
There have been many articles published in the media claiming that Intel CPUs suffer between a 5% to 50% drop in processing speed due to the patches.
Even before the Intel statement, some experts —including Linus Torvalds— have tried to set the record straight by saying that performance dip varies based on the type of operations each process is running, and that normal PC users won't be affected.
If AWS and Azure are patching it over next few days, they will be confident on performance impact being acceptable as they’re running millions of systems.
— Kevin Beaumont (@GossiTheDog) January 3, 2018
Many hardware and software experts also pointed out that many of the benchmark tests that evaluated Intel CPU performance were carried out by comparing stable OS versions against patched but in-dev OS versions, which weren't optimized and would most likely receive more fixes.
Intel stock took a tumble
Despite this, there's been an abundance of negative headlines that piled up on Intel with claims of poor performance. These headlines caused Intel stock price to plummet by 8% earlier today, while AMD rose by 7%, just because the company stated they were not affected. AMD stock price dropped back to yesterday's levels after the Intel press release, while Intel stock is still 4% under yesterday's value.
But even after clarifying the problem of perceived performance issues, some users believe that Intel is now downplaying the security issue's overall impact [1, 2].
Whoever wrote the intel PR piece deserves an award in marketing and communications. The number of synonyms used for “write access” to distract from “read access works just fine” is cunning. As is conflating “intel product” with “OS vendors”. And ARM w/ AMD (who makes ARM64 CPUs).
— Alex Ionescu (@aionescu) January 3, 2018
There are no actual lies in that statement. It’s all true statements. That’s the beauty.
— Alex Ionescu (@aionescu) January 3, 2018
Intel has a market share of than 80 percent on desktops and more than 90 percent on the laptop and server markets. The Intel statement is available here.
UPDATE: Google has published details regarding flaws affecting almost all CPUs released in the last two decades, confirming Intel's statement. The flaws affect everything from smartphones to cloud servers, and from desktops to laptops. CPUs from all chipset vendors are vulnerable.
Comments
pccobbler - 6 years ago
CC wrote: "Intel is right. The patches for the said security issue apply to CPUs from all vendors"
Intel is wrong. At least for Linux, the updates will apply to all processors except AMD. See the below link from the Linux kernel community including this line of code: "if (c->x86_vendor != X86_VENDOR_AMD)"
https://lkml.org/lkml/2017/12/27/2
I predict Microsoft will use this as an opportunity to cripple Windows 7 to speed-up the migration to its data-mining Windows 10.
campuscodi - 6 years ago
Yes, I am aware the Linux team made the change to whitelist AMD CPUs, but this was after the article's publication: https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI
As Google has also confirmed, this affects everyone and everything: https://meltdownattack.com/
pccobbler - 6 years ago
I did not intend that as an attack on you or BleepingComputer, as you guys are the best in the industry at providing security news and resources. I was just ticked that Intel is trying to spread the blame, when AMD had the right approach all along, but got hammered in the marketplace by Intel marketing.
As for Meltdown, at first it looked like the vulnerability only (!) went back as far as Intel's Core architecture which was introduced in 2006, but if it really goes back to the first Pentiums, this might resemble an extinction level event for chipzilla. Google said it had not verified Meltdown in AMD processors as of yet and I'm not convinced that will ever happen, given the nature of the vulnerability, where Intel gained speed via out-of-order execution.
Pointless_noise - 6 years ago
I think a real odd part of this whole thing is it seems last month the Intel CEO sold a shed load of his intel stock.