Linux Today: Linux News On Internet Time.

KernelTrap: Revisiting the Hyper-Threading Vulnerability

Dec 05, 2006, 10:45 (0 Talkback[s])

"A patch to make disabling Hyper-Threading a boot time option resurfaced on the lkml. The patch was originally created in response to a Hyper-Threading vulnerability which was first discussed on the lkml in May of 2005. Ben Collins explained, 'the original patch claims that hyper-threading opens the user up to some sort of security risk involving hardware limitations in protecting memory across the threads.' Arjan van de Ven disagreed, 'that is not correct. I suspect what is meant is the 'attack' on older openssl versions where you could in theory get SOME information about a key in use by snooping cache patterns in a shared cache situation. By no means is it a 'direct' leak of any kind, and openssl has since then been fixed to not have as many key-dependent execution streams anymore...'"

Complete Story

Related Stories: