Following the series of dangerous vulnerabilities identified in Intel processors, researchers have found yet another dangerous bug. The latest issue has been named TLBleed, and it is currently regarded as one of the critical problems facing contemporary operating systems running on this hardware.
TLBleed Vulnerability Discovered Following Meltdown and Spectre
The TLBleed vulnerability is the newest processor threat to seriously affect Intel-powered computers. The announcement was made by Theo de Raadt, the founder of OpenBSD, one of the most popular free UNIX-like operating systems. According to an interview he gave to an online media outlet, he has been working on the issue for months. In the news article he states that Intel has not disclosed the bug to him or to the general public.
The interview also states that a paper on the issue is to be presented at the annual Black Hat USA conference, which is to be held next month. The developer has issued a hotfix that temporarily disables hyperthreading in order to mitigate the issue.
How the TLBleed Vulnerability Works
Following further research, security experts from Vrije Universiteit Amsterdam reported finding a new side-channel vulnerability in hyperthreaded processors. Their description matches the one given by Theo de Raadt and reveals a serious bug in the way processes are handled: processes running on different logical cores can leak information to each other while they execute. The presented proof-of-concept code demonstrates how malicious actors can carry out this attack against a running encryption calculation.
The observations are made using side-channel analysis. A side channel is a property of an operating system or hardware implementation that leaks information to other users of the same system. Side channels were also the main cause of the prior vulnerabilities Spectre and Meltdown, which were revealed earlier this year.
The TLBleed processor vulnerability has been shown to affect the translation lookaside buffer (TLB), which is used to determine memory addresses during code execution. It holds the mappings of currently executing programs from virtual memory addresses to the physical memory locations they translate to. Resolving a translation without the TLB is a complex process that involves several lookups in large in-memory tables. As this is a very slow operation to perform for every query, most modern processors use the TLB cache for optimization purposes: it records the most recently used address translations in order to speed up application requests. Like other similar caches, the TLB has a hierarchical layout, and it is this structure that makes the side-channel abuse possible.
As detailed information about the TLBleed vulnerability is not yet available, it is speculated that AMD Ryzen processors may also be affected. This is because they also implement hyperthreading capabilities that work in the same manner as those of Intel processors.
Intel has issued a statement following the media reports:
Intel has received notice of research from Vrije Universiteit Amsterdam, which outlines a potential side-channel analysis vulnerability referred to as TLBleed. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre or Meltdown. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics (e.g. timing) of shared hardware resources. These measurements can potentially allow researchers to extract information about the software and related data. TLBleed uses the Translation Lookaside Buffer (TLB), a cache common to many high performance microprocessors that stores recent address translations from virtual memory to physical memory. Software or software libraries such as Intel® Integrated Performance Primitives Cryptography version U3.1 – written to ensure constant execution time and data independent cache traces – should be immune to TLBleed. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.
According to security experts, in order to mitigate this issue operating system developers will need to make code changes that reflect the way processes are scheduled and executed. There are several use cases where a general fix may not be viable. The current approach undertaken by the OpenBSD team does protect systems, but it results in a serious drop in performance.
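The OpenBSD hotfix described above switches hyperthreading off wholesale. As an added illustration (not code from the article, OpenBSD or the researchers), the following Python helper applies the same policy on a Linux host: it reads each logical CPU's sibling list from sysfs and lists the secondary hardware threads that would have to be taken offline so that no physical core runs two threads at once. It assumes the standard /sys/devices/system/cpu/cpu<N>/topology/thread_siblings_list layout; the sample topology embedded below is constructed and is used when those files are absent.

```python
import glob
import re

SYSFS_CPU = "/sys/devices/system/cpu"


def parse_cpu_list(text):
    """Parse the kernel's CPU list syntax ('0-3,8,10-11') into a sorted list."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            cpus.update(range(int(lo), int(hi) + 1))
        else:
            cpus.add(int(part))
    return sorted(cpus)


def secondary_threads(topology):
    """topology maps each logical CPU to its thread_siblings_list string.
    Returns the logical CPUs that are not the lowest-numbered sibling of
    their core, i.e. the ones to take offline so each core runs one thread."""
    offline = set()
    for cpu, siblings in topology.items():
        if cpu != min(parse_cpu_list(siblings)):
            offline.add(cpu)
    return sorted(offline)


def read_sysfs_topology():
    """Collect sibling lists from sysfs; empty dict when not on Linux."""
    topo = {}
    for path in glob.glob(f"{SYSFS_CPU}/cpu[0-9]*/topology/thread_siblings_list"):
        cpu = int(re.search(r"cpu(\d+)", path).group(1))
        with open(path) as f:
            topo[cpu] = f.read()
    return topo


# Constructed sample: 4 cores, 8 threads, siblings paired as (n, n+4).
SAMPLE_TOPOLOGY = {c: f"{c % 4},{c % 4 + 4}" for c in range(8)}

if __name__ == "__main__":
    topo = read_sysfs_topology() or SAMPLE_TOPOLOGY
    for cpu in secondary_threads(topo):
        # Writing 0 to the 'online' file takes the thread offline (needs root);
        # this script only reports the action instead of performing it.
        print(f"would offline cpu{cpu}: echo 0 > {SYSFS_CPU}/cpu{cpu}/online")
```

Newer Linux kernels expose the same switch directly through /sys/devices/system/cpu/smt/control or the nosmt boot parameter; the per-thread approach here shows what that switch does underneath.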