Today, a well-documented report of serious security flaws in all of Intel's Pentium 4 processors using HyperThreading technology has surfaced on the web.
The flaw may not affect single-user systems, but Administrators of multi-user systems are strongly advised to disable HyperThreading immediately on any system that is accessed by more than one user.
The flaw allows for local information to be disclosed. This includes allowing an under-privileged user to steal cryptographic keys by monitoring the execution of another thread. This is because there is shared access to the processors' memory caches. This also means that there's another way to get inside
a HyperThreading-enabled system without having enough privilege to do so, as shared cache means that there is the chance of an easily accessible high-bandwidth covert channel being created between threads.
The flaw's discoverer, Colin Percival, went on to recommend the following in a comprehensive 12-page report
detailing the flaws:
"CPU designers should, on all future processors which implement simultaneous multithreading, use cache eviction strategies which respect threading and minimize the extent to which one thread can evict data used by another thread. Similarly, 'multi-core' processors should either avoid sharing caches between the processor cores or use thread-aware cache eviction strategies."
There's also a short Q&A here
Discuss this news in our forums