Thursday, 4 January 2018

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux, Windows and other kernels. The CPU vulnerability makes side-channel attacks possible: an exploit running in an unprivileged process can read kernel memory, which may include passwords and other sensitive data stored on the system.


As Linux's creator, Linus Torvalds, said on the Linux Kernel Mailing List:
I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.
... and that really means that all these mitigation patches should be written with "not all CPU's are crap" in mind.
Or is Intel basically saying 'we are committed to selling you shit forever and ever, and never fixing anything?' Because if that's the case, maybe we should start looking towards the ARM64 people more.
https://en.wikipedia.org/wiki/Kernel_page-table_isolation:
Prior to KPTI (also known as KAISER, or jokingly F*CKWIT), whenever executing user-space code (applications), Linux would also keep its entire kernel memory mapped in the page tables, although protected from access. The advantage is that when the application makes a system call into the kernel or an interrupt is received, the kernel page tables are always present, so most context-switch-related overheads (TLB flush, page-table swapping, etc.) can be avoided.

In 2005, the Linux kernel adopted address space layout randomization (ASLR), which makes it more difficult to exploit kernel vulnerabilities and relies on kernel addresses remaining hidden from user space. Despite prohibiting access to these kernel mappings, it turns out there are several side-channel attacks in current Intel x86 processors (as of December 2017) that can leak the location of this memory, making it possible to work around KASLR. AMD x86 processors are not affected by these attacks and don't need KPTI to mitigate them.

KPTI/KAISER/F*CKWIT patches these leaks by separating the user-space and kernel-space page tables entirely. The fix has a cost: with separate page tables, every system call and interrupt now incurs the page-table switch and TLB flush that the shared mapping used to avoid, so the CPU spends more time going out to main memory, effectively slowing it down. Reports claimed the degradation could be between 5% and 30% of typical performance, depending on the workload.

Windows, OS X, FreeBSD, VMware and other operating systems have similar fixes.
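A practical check that follows from the above, as an added example that is not part of the original post: on Linux (4.15 and later) the kernel reports whether KPTI is active in /sys/devices/system/cpu/vulnerabilities/meltdown, lists a "pti" CPU flag in /proc/cpuinfo when the isolation is in use, and can be told to turn it off with pti=off or nopti on the kernel command line. The script below reads those three sources on the running host; the parsing is kept in separate functions that take the raw text, so you can also point them at output saved from another machine. It is Linux-only (the other operating systems listed above expose their status differently) and reports "unknown" rather than failing on kernels that predate the sysfs file.

```shell
#!/bin/sh
# Added example (not code from the original post): report whether Linux
# kernel page-table isolation (KPTI) is active on this host.

# Classify the one-line status the kernel exposes in
# /sys/devices/system/cpu/vulnerabilities/meltdown (Linux >= 4.15).
# Prints one of: mitigated, not-affected, vulnerable, unknown.
classify_meltdown_status() {
    case "$1" in
        "Mitigation: PTI"*) echo mitigated ;;
        "Not affected"*)    echo not-affected ;;
        "Vulnerable"*)      echo vulnerable ;;
        *)                  echo unknown ;;
    esac
}

# Does a "flags :" line from /proc/cpuinfo list the "pti" feature?
# Argument: the whole line. Prints yes or no. Matches "pti" only as a
# whole word so that unrelated flags containing the substring do not count.
cpuinfo_has_pti() {
    flags=$(printf '%s' "$1" | sed 's/^flags[[:space:]]*:[[:space:]]*//')
    case " $flags " in
        *" pti "*) echo yes ;;
        *)         echo no ;;
    esac
}

# Was PTI explicitly disabled on the kernel command line (pti=off or nopti)?
# Argument: the contents of /proc/cmdline. Prints yes or no.
cmdline_disables_pti() {
    case " $1 " in
        *" nopti "*|*" pti=off "*) echo yes ;;
        *)                         echo no ;;
    esac
}

# Live check against this host. Every source is optional: older kernels
# lack the sysfs file, and non-x86 hosts have no "flags" line at all.
report_host() {
    sysfs=/sys/devices/system/cpu/vulnerabilities/meltdown
    if [ -r "$sysfs" ]; then
        status=$(cat "$sysfs")
        echo "sysfs:   $(classify_meltdown_status "$status")  ($status)"
    else
        echo "sysfs:   unknown (no $sysfs; kernel older than 4.15?)"
    fi
    if [ -r /proc/cpuinfo ]; then
        flagline=$(grep '^flags' /proc/cpuinfo | head -n 1)
        echo "cpuinfo: pti flag present = $(cpuinfo_has_pti "$flagline")"
    fi
    if [ -r /proc/cmdline ]; then
        echo "cmdline: pti disabled at boot = $(cmdline_disables_pti "$(cat /proc/cmdline)")"
    fi
}

report_host
```

Run it as any user; none of the three files needs root. A host that prints "mitigated" plus "pti flag present = yes" has the page-table split in force; "vulnerable" with "pti disabled at boot = yes" means someone turned it off deliberately, which is worth flagging in a fleet audit.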

Here are some more details:
http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
https://googleprojectzero.blogspot.com.au/2018/01/reading-privileged-memory-with-side.html?_sm_au_=iVV5D5N7S4RSMLHM

See exploit in action:
