[conspire] (forw) Intel HyperThreading vulnerability
Rick Moen
rick at linuxmafia.com
Thu May 12 18:21:17 PDT 2005
I know nothing more about this than what I see here, but I trust Greg
Sutter (longtime FreeBSD guy) implicity, and thus consider this highly
credible. See the two URLs directly under his .signature line, for
full details. Greg says he's going to be present a paper on this at
BSDcan tomorrow, in Ottawa.
----- Forwarded message from Gregory Sutter <gsutter at zer0.org> -----
Date: Thu, 12 May 2005 18:02:59 -0700
From: Gregory Sutter <gsutter at zer0.org>
To: rick at linuxmafia.com
Organization: Zer0
Subject: Intel HyperThreading vulnerability
Rick, please distribute as appropriate.
G
--
Gregory S. Sutter "Happiness isn't good enough
mailto:gsutter at zer0.org for me! I demand euphoria!"
http://zer0.org/~gsutter/ --Calvin (Bill Watterson)
http://kerneltrap.org/node/5103
http://www.daemonology.net/hyperthreading-considered-harmful/
=====
Topic: information disclosure when using HTT
Announced: 2005-05-13
Credits: Colin Percival <cperciva at freebsd.org>
CVE Name: CAN-2005-0109
I. Background
"Hyper-Threading Technology" is the name used for the implementation of
simultaneous multithreading on Intel Pentium 4, Mobile Pentium 4, and
Xeon processors.
II. Problem Description
A security flaw involving operating systems running on Hyper-Threading
Technology processors was has been reported. Complete details are not
available at the time of this writing. However, a workaround has been
issued. It is expected that more details will be available tomorrow, at
which time a revised version of this advisory will be published.
III. Impact
Information may be disclosed to local users, allowing in many cases for
privilege escalation.
=====
----- End forwarded message -----
More information about the conspire
mailing list