In case you missed it:Intel CPUs have another security flaw

At this point, I don't supposed that this will really surprise anyone, but it's happened again:

A team of researchers at the Systems and Network Security Group at Vrije Universiteit Amsterdam, in the Netherlands, say they were able to leverage the security weakness to extract crypto keys from another running program in 99.8 of tests on an Intel Skylake Core i7-6700K desktop CPU; 98.2 percent of tests on an Intel Broadwell Xeon E5-2620 v4 server CPU; and 99.8 per cent of tests on a Coffeelake part.

Their code was able to lift a secret 256-bit key, used to cryptographically sign data, from another program while it performed a signing operation with libgcrypt’s Curve 25519 EdDSA implementation. It took roughly 17 seconds to determine each of the keys using machine-learning software and some brute force, according to a paper detailing the attack, seen by The Register this week.

[...]

The extraction technique is not reliant on speculative execution, and thus is unrelated to Spectre and Meltdown. Instead, it builds upon the exploitation of Intel's Hyper-Threading technology and the processor caches to leak data, which is a known security problem with its own mitigations.

Have I mentioned lately how relieved I am to have stuck with AMD, all these years?

Important points:

1. TLBleed is unrelated to the Meltdown and Spectre vulnerabilities that Google Project Zero reported back in January; it's an entirely new category of vulnerability, and one which Intel's competitors apparently don't share.
2. TLBleed affects Intel CPUs ranging from Broadwell to Coffee Lake, i.e. every Intel CPU released since 2014, including their newest (Broadwell was followed by Skylake, and then by Kaby Lake, although The Reg's coverage doesn't specifically mention Kaby Lake). So, once again, we're talking about a lot of affected PCs.

Intel, naturally, has "no plans to specifically address a side-channel vulnerability in its processors that can be potentially exploited by malware to extract encryption keys and other sensitive info from applications." Because why would Intel have a plan? Or, really, a clue? Look for this messaging to change as this story gains traction, though... and then for Intel comments to dry up entirely, once the class action lawsuits start. Because they will start, and it won't take long.

And don't think that Whiskey Lake or Cannon Lake are going to fix the issues, either; both of those are just variations on Skylake/Kaby Lake.

Intel have clearly been playing way too fast for way too long with consumers' security in the name of eking out a little extra performance over AMD, and with no clear plan for what they'd do when it started to come back to bite them. TLBleed is now the fourth serious security vulnerability to be found in Intel's hardware in just a year, starting with Intel's TME, Meltdown, and Spectre, with only Spectre reaching well beyond Intel. I don't expect it to be the last.