Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected.
duraid @ 2cpu.com wrote:This is not a problem specific to Intel hyperthreading. The situation occurs on any processor that allows multiple concurrent threads of execution that can "attack" a shared cache. Therefore, the same problem will be observed on:
any multi-core processor that has a shared cache, regardless of whether or not it has any sort of hyperthreading. For example, IBM's POWER4 and POWER5 are vulnerable to the attack described, even if you disable SMT.