CERT is the Computer Emergency Response Team, based at Carnegie Mellon University. The team is sponsored by the U.S. Department of Homeland Security Office of Cybersecurity and Communications. CERT says the only way to properly bypass the flaw is a processor switch. “The underlying vulnerability is primarily caused by CPU architecture design choices,” CERT researchers say in a blog post. “Fully removing the vulnerability requires replacing vulnerable CPU hardware.” The Meltdown and Spectre CPU flaw is embedded in the kernel operations within a system. When a command is sent to perform any task, the CPU passes control to the kernel, which stays below the surface in processes even once the CPU takes back control. This is to ensure smoother and faster performance, but also means systems are potentially at risk at kernel level. In its newest chips, Intel has overcome the problem with the Kernel Page Table Isolation (PTI) workaround. PTI places the kernel in a dedicated address space, making it unavailable to running processes. However, this comes are a costly price as is severely compromises performance.
Incoming Regulatory Pressure?
In its advisory, CERT says users should apply patches, but these will only “mitigate the underlying hardware vulnerability.” It is worth pointing out that CERT has no regulatory control despite being government-related. In other words, the team is not mandating companies and customers to remove the CPUs. However, considering the potential significance of this problem, some regulatory pressure from other departments is not out of the question.