TLBleed Vulnerability Affects Intel Processors Following Meltdown

TLBleed Vulnerability image

Following the sequence of dangerous vulnerabilities identified in Intel processors, researchers have found a yet another dangerous bug. The latest issue has been identified as the TLBleed vulnerability which is currently regarded as one of the critical problems with contemporary operating systems that are compatible with these hardware components.

TLBleed Vulnerability Discovered Following Meltdown and Spectre

The TLBleed vulnerability is the newest processor threat that seriously affects Intel-powered computers. The announcement was made by Theo de Raadt, the founder of OpenBSD which is one of the most popular free UNIX-Like operating systems. According to an interview he did for an online media he has been working for months on the issue. In the news article he states that Intel has not disclosed the bug to him or the general public.

In the interview it is also stated that a paper on the issue is to be presented at the annual Black Hat USA conference which is to be held next month. The developer has issued a hotfix that temporarily disables hyperthreading in order to mitigate the issue.

How the TLBleed Vulnerability Works

Upon further research security experts from Vrije Universiteit Amsterdam reported on finding a new side-channel vulnerability on hyperthreaded processors. The description matches the one given by Theo de Raadt and reveals that there is a serious bug affecting the way processes are handled. Those that use different logical cores can leak information during the processing. The presented proof of concept code demonstrates how malicious actors can implement this attack using an encryption calculation.

The made observations are made using a side channel analysis. They are a feature of operating systems and hardware implementations that leak information to the users. They are also the main causes of (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: