date 2025-06-18
from the I-predict-another-one-in-six-months-tops dept.
Recompiling is unlikely to be a catch-all solution for a recently unveiled Intel CPU vulnerability known as TLBleed, the details of which were leaked on Friday, the head of the OpenBSD project, Theo de Raadt, says.
The details of TLBleed, which gets its name from the fact that the flaw targets the translation lookaside buffer, a CPU cache, were leaked to the British tech site, The Register; the side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs.
Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and was likely to involve "a ton of work to mitigate (mostly app recompile)".
But de Raadt was not so sanguine. "There are people saying you can change the kernel's process scheduler," he told iTWire on Monday. "(It's) not so easy."
on Tuesday June 26, @12:58AM
And if it's old enough, possibly it's OK. Some folks have new computer. And if it's not Intel brand, possibly OK. And some folks don't have computer, they're definitely OK. Unless they rent The Cloud.
This is a great opportunity for Intel. Bring out the new cyber without the bugs. Let folks trade in the old cyber and get a discount. Like #CashForClunkers [twitter.com] Factories will stay very busy!
by edIII on Tuesday June 26, @01:06AM
FUCK that nonsense. I'm more interested in secure computing to the extent I will take lesser powered and lesser featured CPUs, and will never trust Intel again. They were deeply arrogant the entire time about their management engine.
Why would I buy Intel *again*?
by Runaway1956 on Tuesday June 26, @01:26AM
I've been an AMD guy for a long time. The last Intel I owned was a P3. I don't like the corporate attitude about things like tracking users. I don't like the way they lock their chips up, forcing you to pay for each and every feature. That's a holdover from the days of mainframes. I never did like their obsession with speed.
With AMD, they're happy with a slower clock speed. The focus is on "real world use", and it has been for quite a long while. So, you lose a few cycles in speed, but the chip is tuned to do things that users actually do with those chips. I've been happy with that. Overall, AMD has a better philosophy, which leads to a better thought out design.
So, actually, I've sacrificed nothing by using AMD.
by Anonymous Coward on Tuesday June 26, @01:12AM
Time to open a wormhole and revert to older hardware:
https://en.wikipedia.org/wiki/Contiki [wikipedia.org]
Or do THOSE systems have a possible back-door(s) in them?
by Knowledge Troll on Tuesday June 26, @01:30AM
I'm the security minded person and advocate at work (aka, I give a shit and try to drag other people along into the give a shit club too, with varying degrees of success) and I disseminated this information inside the organization. I feel like it is important to share these threats so they are well understood but no one, including myself, knows what to do in the face of workstations and servers built on CPUs where the security guarantees do not hold true. Further, people are asking me what good this information does without some action to take - I can't say I disagree with that.
This one is troublesome because Intel doesn't seem to feel the need to admit that it is a problem (perhaps if they can just keep saying it isn't a problem they won't get sued?) and there doesn't appear to be any mitigation available except to disable Hyper-threading which itself is not something generally available to configure. The OpenBSD technique of taking the hyperthread CPUs offline seems like it is the only option. It seems like this would be possible in Linux, I recall offlining a running CPU before but it's been a while and it wasn't on X86.
I asked one of our VPs to meet with me tomorrow so we can formulate the organization level response to information such as this but honestly I'm not sure what we can do. The devs can't stop working and they can't stop accessing systems that need to be considered as secure.
This is particularly aggravating.
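The CPU offlining approach mentioned in the comment above, sketched for Linux as an added example that is not part of the original thread or any poster's own code. It assumes the standard sysfs CPU hotplug layout under /sys/devices/system/cpu; the function names and the optional root argument (used to point at a test tree) are hypothetical.

```shell
#!/bin/sh
# Added example: find the secondary SMT sibling of each core and take it
# offline through Linux CPU hotplug. Function names are hypothetical.

# Print, one per line, every CPU that is not the first thread of its core.
# $1 = sysfs CPU directory (assumed default: /sys/devices/system/cpu).
smt_secondaries() {
    root=${1:-/sys/devices/system/cpu}
    for dir in "$root"/cpu[0-9]*; do
        f=$dir/topology/thread_siblings_list
        [ -r "$f" ] || continue          # no readable topology entry: skip
        cpu=${dir##*/cpu}
        list=$(cat "$f")                 # e.g. "0,4" or "0-1"
        first=${list%%[,-]*}             # lowest-numbered thread of the core
        [ "$cpu" = "$first" ] || echo "$cpu"
    done | sort -n
}

# Write 0 to the "online" file of every secondary sibling (needs root on a
# real system). The list is computed once, before any CPU goes offline,
# because sibling lists change as threads disappear. cpu0 is always the
# first thread of its core, so it is never touched.
offline_smt_secondaries() {
    root=${1:-/sys/devices/system/cpu}
    for cpu in $(smt_secondaries "$root"); do
        echo 0 > "$root/cpu$cpu/online" || return 1
    done
}

# Run as: script --list   (read-only)   or   script --apply   (as root)
case "${1:-}" in
    --list)  smt_secondaries ;;
    --apply) offline_smt_secondaries ;;
esac
```

The change does not persist across reboots, and writing 1 to the same `online` files brings the threads back.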
by Anonymous Coward on Tuesday June 26, @01:41AM
Invest in ARM? I saw some real nice 32-core workstations the other day...