An independent researcher has found a security flaw in Intel‘s Hyper-Threading Technology.
Colin Percival claims that Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a flaw that permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine.
The sharing of the execution resources of a superscalar processor between multiple execution threads has recently become widespread in Intel processors under the name Hyper-Threading. In this implementation, for reasons of efficiency and economy of processor area, the sharing of processor resources between threads extends beyond the execution units – the threads also share access to the memory caches.
Percival has demonstrated that this shared access to memory caches not only provides an easily used high bandwidth channel between threads, but also permits a malicious thread (operating, in theory, with limited privileges) to monitor the execution of another thread, allowing in many cases for theft of the cryptographic keys.
Percival presented his ideas at the BSDCan Conference at the
He advises administrators of multi-user systems to take action to disable Hyper-Threading immediately.
Percival has written a paper on the subject that can be downloaded here: