Is Hyper-Threading a security risk?

— 10:22 AM on May 16, 2005

Does Hyper-Threading in Intel processors present a security risk on multi-user systems? One gent seems to think so and has written up his findings, including a 12-page paper with sample code. His work was done in BSD Unix, but he claims multiple operating systems are affected. The problem, he claims, comes in the sharing of cache RAM that happens on a Hyper-Threaded CPU. He says it's possible for a malicious thread to peek into the contents of the cache used by another thread and retrieve critical data, such as encryption keys. His suggestion: disable Hyper-Threading on any multi-user system. If he's right, that may indeed be the best course of action until a patch is available. (Thanks to TR reader Ned for the link.)

Update: The Register's story on the problem cites sources at Intel saying that more than just Hyper-Threaded processors are affected:

The chip giant was also quick to point out that HT-enabled CPUs are not the only ones vulnerable to the newly exposed attack. It can be brought to bear against any processor that can do simultaneous multi-threading. Dual-cores too, it seems, are vulnerable.

I'm not sure what to make of that. Cache sharing only happens on SMT systems, as far as I know, which means some PowerPC chips could be affected. Multiprocessor and multicore systems handle cached data in fundamentally the same way, at least in the x86 world, and no one has claimed that multiprocessor systems are vulnerable. It seems unlikely to me that dual-core Pentiums, Athlons, or Opterons would be affected, unless they use Hyper-Threading.