What just happened? Researchers at the Systems and Network Security Group at Vrije Universiteit Amsterdam say they have discovered yet another critical flaw in Intel’s processors. Unlike Spectre and Meltdown, it doesn’t rely on speculative execution but instead exploits the company’s Hyper-Threading tech. Intel, however, won’t be issuing any patches.
As reported by The Register, the new side-channel vulnerability on hyperthreaded CPUs has been dubbed TLBleed as it uses a processor’s translation lookaside buffer (TLB), a type of cache that holds mappings from virtual memory addresses to physical memory addresses.
TLBleed is exploited through Intel’s Hyper-Threading. When this technology is enabled, each core can execute multiple threads—generally two—simultaneously. These threads share resources inside the core, including memory caches and the TLB.
When two programs are running on the same core, it’s possible for one of the threads to spy on the other by examining how it accesses the CPU’s private resources. “From these observations, it is possible to determine the contents of RAM secret to that other program,” explains The Register.
Researchers say they were able to use TLBleed to extract cryptographic keys from another running program in 99.8 percent of tests on an Intel Skylake Core i7-6700K. Tests using other types of Intel processors had similarly high success rates.
Most users have little to worry about from TLBleed. Exploiting it requires code already running on the target machine, either malware that has been installed first or a malicious user who has gained access. And there’s still no evidence of the exploit being used in the wild.
"Don't panic: while a cool attack, TLBleed is not the new Spectre," said researcher Ben Gras.
That doesn’t mean TLBleed shouldn’t be taken seriously. Last week, the developers of the open source operating system OpenBSD disabled hyperthreading on Intel processors to protect against the vulnerability. Project leader Theo de Raadt is set to present a research paper at the Black Hat conference this August that will reveal why they made the change.
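The mitigation OpenBSD chose, turning off hyperthreading so that no second thread shares a core’s TLB, has a direct equivalent on Linux. The script below is an added example, not code from the article or from the researchers, showing how an administrator can audit whether a host still exposes sibling hardware threads: it parses the sysfs `thread_siblings_list` cpulist format (for example `0,4` or `0-3,8-11`) and reads the kernel’s `smt/control` switch. The sysfs paths are the standard Linux ones; the function names are this example’s own.

```shell
#!/bin/sh
# Added example (not from the article): audit whether SMT / Hyper-Threading is
# active on a Linux host, i.e. whether any physical core exposes more than one
# hardware thread that would share its TLB. Uses the standard sysfs files;
# whether they exist depends on kernel version and on the hypervisor.

# Expand a Linux "cpulist" string such as "0,4" or "0-3,8-11" into a
# space-separated list of CPU numbers.
expand_cpulist() {
    _out=""
    for _part in $(printf '%s' "$1" | tr ',' ' '); do
        case "$_part" in
            *-*)
                _lo=${_part%-*}
                _hi=${_part#*-}
                _i=$_lo
                while [ "$_i" -le "$_hi" ]; do
                    _out="${_out:+$_out }$_i"
                    _i=$((_i + 1))
                done
                ;;
            *)
                _out="${_out:+$_out }$_part"
                ;;
        esac
    done
    printf '%s\n' "$_out"
}

# Number of hardware threads named in a cpulist. A value above 1 for a core's
# thread_siblings_list means that core runs SMT siblings.
cpulist_count() {
    set -- $(expand_cpulist "$1")
    echo $#
}

# Interpret the contents of /sys/devices/system/cpu/smt/control.
# Returns 0 (true) when sibling threads can run concurrently, 1 when the kernel
# reports SMT as off, forced off or unsupported, and 2 for an unknown value.
smt_active() {
    case "$1" in
        on) return 0 ;;
        off|forceoff|notsupported|notimplemented) return 1 ;;
        *) return 2 ;;
    esac
}

# Live audit of this host. Prints one line per core that has SMT siblings and
# the kernel's own verdict when the smt/control file is present. Always
# returns 0 so the script is safe to source from other tooling.
report_smt_status() {
    _cores_with_siblings=0
    for _f in /sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list; do
        [ -r "$_f" ] || continue
        _list=$(cat "$_f")
        if [ "$(cpulist_count "$_list")" -gt 1 ]; then
            _cores_with_siblings=$((_cores_with_siblings + 1))
            printf 'siblings sharing a core (and its TLB): %s  [%s]\n' "$_list" "$_f"
        fi
    done
    printf 'thread_siblings_list entries with >1 thread: %s\n' "$_cores_with_siblings"

    _ctl=/sys/devices/system/cpu/smt/control
    if [ -r "$_ctl" ]; then
        _val=$(cat "$_ctl")
        if smt_active "$_val"; then
            printf 'kernel smt/control = %s: SMT is active\n' "$_val"
        else
            printf 'kernel smt/control = %s: SMT is not active\n' "$_val"
        fi
    else
        printf '%s not present (old kernel or restricted sysfs)\n' "$_ctl"
    fi
    return 0
}

report_smt_status
```

Run it as an unprivileged user to audit a fleet; it only reads sysfs. Switching SMT off on Linux (`echo off > /sys/devices/system/cpu/smt/control`, or booting with the `nosmt` kernel parameter) needs root and gives up the throughput hyperthreading provides, which is the same trade-off OpenBSD accepted; OpenBSD exposes its switch as the `hw.smt` sysctl.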
Intel appears unconcerned about any potential threats posed by TLBleed. It isn’t requesting a CVE number for the flaw and has even refused to pay the researchers a bug bounty reward (via HackerOne) for their discovery.
Gras believes AMD processors could be at risk from TLBleed, as these also run multiple threads simultaneously.