TLBleed
TLBleed is a cryptographic side-channel attack that uses machine learning to exploit a timing side-channel via the translation look-aside buffer (TLB) on modern microprocessors that use simultaneous multithreading.[1][2] As of June 2018[update], the attack has only been demonstrated experimentally on Intel processors; it is speculated that other processors may also potentially be vulnerable to a variant of the attack, but no proof of concept has been demonstrated.[3] AMD had indicated that their processors would not be vulnerable to this attack.[4]
The attack led to the OpenBSD project disabling simultaneous multithreading on Intel microprocessors.[2][5] The OpenBSD project leader Theo de Raadt has stated that, while the attack could theoretically be addressed by preventing tasks with different security contexts from sharing physical cores, such a fix is currently impractical because of the complexity of the problem.[2]
See also
- Transient execution CPU vulnerability
- Zombieload
References
- ^ Williams, Chris (2018-06-22). "Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about". The Register. Retrieved 2018-06-25.
- ^ a b c Varghese, Sam (2018-06-25). "OpenBSD chief de Raadt says no easy fix for new Intel CPU bug". www.itwire.com. Retrieved 2018-06-25.
- ^ Halfacree, Gareth (2018-06-25). "Researchers warn of TLBleed Hyper-Threading vuln". bit-tech.net. Retrieved 2018-06-25.
- ^ Williams, Chris (2018-06-22). "Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about". The Register. Retrieved 2018-06-25.
- ^ Varghese, Sam (2018-06-21). "OpenBSD disables hyperthreading support for Intel CPUs due to likely data leaks". www.itwire.com. Retrieved 2018-06-25.
External links
- Research Paper
- v
- t
- e
← 2000s | Timeline | 2020s → |
2010 |
|
---|---|
2011 |
|
2012 | |
2013 | |
2014 | |
2015 | |
2016 |
|
2017 | |
2018 | |
2019 |
persistent threats
- Bangladesh Black Hat Hackers
- Bureau 121
- Charming Kitten
- Cozy Bear
- Dark Basin
- DarkMatter
- Elfin Team
- Equation Group
- Fancy Bear
- GOSSIPGIRL (confederation)
- Guccifer 2.0
- Hacking Team
- Helix Kitten
- Iranian Cyber Army
- Lazarus Group (BlueNorOff) (AndAriel)
- NSO Group
- Numbered Panda
- PLA Unit 61398
- PLA Unit 61486
- PLATINUM
- Pranknet
- Red Apollo
- Rocket Kitten
- Stealth Falcon
- Syrian Electronic Army
- Tailored Access Operations
- The Shadow Brokers
- Yemen Cyber Army
- Cyber Anakin
- George Hotz
- Guccifer
- Jeremy Hammond
- Junaid Hussain
- Kristoffer von Hassel
- Mustafa Al-Bassam
- MLT
- Ryan Ackroyd
- Sabu
- Topiary
- Track2
- The Jester
publicly disclosed
- Evercookie (2010)
- iSeeYou (2013)
- Heartbleed (2014)
- Shellshock (2014)
- POODLE (2014)
- Rootpipe (2014)
- Row hammer (2014)
- SS7 vulnerabilities (2014)
- JASBUG (2015)
- Stagefright (2015)
- DROWN (2016)
- Badlock (2016)
- Dirty COW (2016)
- Cloudbleed (2017)
- Broadcom Wi-Fi (2017)
- EternalBlue (2017)
- DoublePulsar (2017)
- Silent Bob is Silent (2017)
- KRACK (2017)
- ROCA vulnerability (2017)
- BlueBorne (2017)
- Meltdown (2018)
- Spectre (2018)
- EFAIL (2018)
- Exactis (2018)
- Speculative Store Bypass (2018)
- Lazy FP state restore (2018)
- TLBleed (2018)
- SigSpoof (2018)
- Foreshadow (2018)
- Dragonblood (2019)
- Microarchitectural Data Sampling (2019)
- BlueKeep (2019)
- Kr00k (2019)
2010 |
|
---|---|
2011 | |
2012 | |
2013 | |
2014 | |
2015 | |
2016 | |
2017 | |
2018 | |
2019 |
|
This computer security article is a stub. You can help Wikipedia by expanding it. |
- v
- t
- e