Why Intel refusing to fix the TLBleed vulnerability?

spinonews TLBleed vulnerability

TLBleed vulnerability

Nowadays, a large number of flaws discovered in famous CPUs. Now, researchers from Vrije Universiteit Amsterdam found a dangerous vulnerability in Intel CPUs. The TLBleed vulnerability uses flaws in the CPU’s translation lookaside buffer (TLB), a special type of cache memory that map virtual to physical memory addresses.

TLBleed misused through the execution of symmetric multithreading (SMT) a technique for improving the efficiency of CPUs with, by Intel’s hyper-threading. With hyper-threading enabled, a single core can execute multiple threads simultaneously, and sharing resources inside that core, including TLB.

As per the scientists, in tests, the vulnerability can use to separate cryptography keys from another running program with at least 98% achievement rate. When two programs running on the same core, it is possible for one thread to spy on the other thread by examining how it accesses the CPU’s private resources.

Users worry about the TLBleed vulnerability

While, most users worry about the TLBleed vulnerability. If the system gets exploited, it requires either malware installed on a system, or a malicious user gaining access. Still now, there’s no evidence of the exploit used in the wild.

Researchers, Ben Gras, said, TLBleed is not the new threat and the technical details of TLBleed set to release on next week.

A week ago, the developers of open source operating system OpenBSD disabled hyperthreading on Intel processors to protect against the vulnerability. Theo de Raadt, founder and leader of the Open BSD is going to present an exploration paper in August that will uncover why they rolled out the improvement.

While, Intel didn’t involve about any potential dangers postured by TLBleed. It isn’t asking for a CVE number for the flaw and even declined to pay the researchers bug bounty reward for their discovery.

Gras also believes AMD processors could be in danger from TLBleed. The AMD CPUs also run multiple threads simultaneously.