A new vulnerability has surfaced in Intel CPUs which can be used to leak encryption keys for signing messages. The vulnerability has been dubbed “TLBleed” and can leak encryption keys from another program, depending on the CPU architecture. The vulnerability has a 98% success rate and relies on Intel’s Hyper-Threading. According to researchers, “this side-channel flaw differs from Spectre and Meltdown, which exploit speculative execution. Intel’s Hyper-Threading technology is available on Intel Core, Core vPro, Core M, and Xeon processors.” The side-channel attack leaks data from the TLB (Translation Lookaside Buffers), which is a special type of memory cache. It stores recent translations that will map virtual to physical memory addresses. If a user has Hyper-Threading enabled, just a single core can execute several threads at the same time to advance performance, however the core shares the same memory caches and TLB. The vulnerability allows one thread to see how another will access the CPU via TLB. The information will then be used to figure out secrets from another program stored in shared RAM. The vulnerability had successfully exploited a 256-bit EdDSA key from cryptographic signing code. The vulnerability requires a victim to be infected with malware or for the victim to be logged into the machine. Intel has been informed about the vulnerability, but it appears that it will not be patched anytime soon.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that