‘Meltdown’ CPU Security Flaw Is Serious, But Fixes Won’t Affect Day-To-Day Performance

The last couple of days has seen word and rumour spread about a major security flaw in the very architecture of Intel CPUs so serious that it couldn’t be fixed via firmware updates and that software fixes to operating systems would impact performance by up to 30%. This isn’t an isolated issue, but one that affects practically all Intel CPUs in current use. AMD and ARM are also affected in a separate but related issue.

Naturally that’s led to some dramatic headlines and speculative pieces, but as the embargo for the Meltdown and Spectre security flaws have lifted and the likes of Google, Microsoft, Apple and Linux have already responding with necessary patches, thankfully the impact for day-to-day users will be fairly minimal.

To cut what’s about to become a rather technical story short, this has only a negligible impact on everyday workloads, from browsing to gaming and media creation. Instead, the impact will most keenly be felt with servers and the Cloud.


Meltdown and Spectre are both security flaws to do with speculative execution. When using your computer, there’s a divide between the core OS and the programs your running, with the CPU only able to address one set of memory at a time, switching back and forth as necessary. This ensures that programs can’t access the file system without permission, leech your passwords and so on. However, Intel’s CPUs are especially carefree in trying to preemptively execute instructions and access memor, throwing away those results that end up not being necessary. While programs cannot read that data directly, what Meltdown does is measure the effect the data has and figure out it is. The solution is to stop sharing the kernel page table to preventing this kind of crossover, but this can slow the CPU down significantly.

Here it is in action:

Spectre is a related issue, and it’s this that also affects AMD and ARM systems. It’s a more general attack that can break down the isolation between programs, so that a well designed program that perfectly adheres to security best practices could be hijacked. This is harder to exploit, but also harder to fix.

But what does this mean for you and me? Thankfully, Microsoft has released a patch this morning for Window 10 and will follow up for older systems on Patch Tuesday next week on 9th January, Apple have already patched most of these security holes in macOS 10.13.2 and will enhance these further in 10.13.3, the Linux kernel has been updated with KPTI, and Google have released patches for Pixel and Nexus users via the Android January security patch.

In every instance, this now means that programs that need to access the kernel regularly will be slowed down to varying degrees. Every disk read, every time you open a file, etc. will require that the CPU switch entirely over to the kernel and back again. Thankfully that’s a fraction of most workloads, so everything from video encoding to web browsing and gaming has already been benchmarked and shown be minimally affected, often within the 1-2% margin of error.

However, for the wider world of computing, the impact is more severe. Databases, coding, servers and cloud providers such as Amazon Web Services, all of which have much higher reliance on the kinds of workloads that this will slow. For the end user, this may be something of an invisible problem, but behind the scenes, running things like Steam, PlayStation Network and Xbox Live just got more expensive.

Source: Meltdown, Ars Technica [1, 2], Phoronix

Written by
I'm probably wearing toe shoes, and there's nothing you can do to stop me!

5 Comments

  1. Read up on this on Ars. It also means to me that today’s very cores of practically all IT is based on buggy early 90s technology. Hope this is a sufficient incentive for some proper progress.

  2. Y2k, now this… what’s next?

  3. i was with you all the way from “The last couple of days” and then you lost me :[
    but luckily the video cleared things up
    #sarcasm…..

    • In simple terms… There’s a bad thing that probably won’t affect most people, unless you’re downloading dodgy programs, or using some sort of server that other people may be using at some point in the future when the vulnerability is being exploited. It’s been fixed anyway, but the fix might slow things down. But unless you’re doing some serious database stuff, you won’t notice that either.

      Basically, don’t panic unless you own shares in Intel, and let everything update when it’s ready to.

      • lol cheers mate =]
        sometimes its just easier to put it into layman’s terms for us the uneducated..

Comments are now closed for this post.