Navigation Bar Top Applications Support Documentation Vendors Search Index Top Top

kernel -- information disclosure when using HTT

Description:

Problem description and impact

When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread.

Information may be disclosed to local users, allowing in many cases for privilege escalation. For example, on a multi-user system, it may be possible to steal cryptographic keys used in applications such as OpenSSH or SSL-enabled web servers.

NOTE: Similar problems may exist in other simultaneous multithreading implementations, or even some systems in the absence of simultaneous multithreading. However, current research has only demonstrated this flaw in Hyper-Threading Technology, where shared memory caches are used.

Workaround

Systems not using processors with Hyper-Threading Technology support are not affected by this issue. On systems which are affected, the security flaw can be eliminated by setting the "machdep.hlt_logical_cpus" tunable:

# echo "machdep.hlt_logical_cpus=1" >> /boot/loader.conf

The system must be rebooted in order for tunables to take effect.

Use of this workaround is not recommended on "dual-core" systems, as this workaround will also disable one of the processor cores.

References:

Affects:

portaudit: kernel -- information disclosure when using HTT

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.


Oliver Eikemeier <eik@FreeBSD.org>