TLBleed another security flaw in modern CPU`s

Author	Message
MarkJ Volunteer tester Send message Joined: 17 Feb 08 Posts: 1139 Credit: 80,854,192 RAC: 12	Message 1942824 - Posted: 6 Jul 2018, 3:08:13 UTC OpenBSD were going to disable HT due to the various security concerns, see Phoronix article BOINC blog ID: 1942824 ·

Pierre A Renaud FCD @ team Carl Sagan Send message Joined: 3 Apr 99 Posts: 953 Credit: 9,101,544 RAC: 147	Message 1942809 - Posted: 6 Jul 2018, 0:40:54 UTC - in response to Message 1942199. Well, I think I'll be able to sleep tonight. Sysadmins might not, though. Before we get into the more technical stuff, we should stress that this is not the end of the world because, first, you need malware running on, or a malicious user logged into, your system to exploit it. Second, no one right now is leveraging the weaknesses in the wild. There are easier ways for hackers to extract data from a computer or other device, via security bugs in browsers, PDF readers, email clients, and so on. And, third, exploiting this TLB side channel is non trivial. However, if you are worried about cache-based attacks – such as, if you're running a virtual machine on a public cloud platform, and fear neighboring guests are trying to snoop on you – then you should be paying attention. Some might rethink running HT on modern CPU`s. https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/ Apr 3, 1999 – Apr 26, 2020 ID: 1942809 ·

Mike Volunteer tester Send message Joined: 17 Feb 01 Posts: 32170 Credit: 79,922,639 RAC: 181	Message 1942199 - Posted: 1 Jul 2018, 11:03:27 UTC Some might rethink running HT on modern CPU`s. https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/ With each crime and every kindness we birth our future. ID: 1942199 ·

©2020 University of California

SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.