TLBleed: When Protecting Your CPU Caches is Not Enough

Conference:  BlackHat USA 2018



The presentation discusses the concept of side-channel attacks in computing systems and how shared resources can lead to the leakage of secret information. The speaker provides an example of a cache attack called flush and reload.
  • Shared resources in computing systems can lead to side-channel attacks and the leakage of secret information
  • Examples of shared resources include RAM chips and CPU caches
  • Cache attacks like flush and reload can be used to observe the access patterns of other processes and potentially leak secret information
The speaker provides an example of a cache attack called flush and reload, which takes advantage of the fact that multiple processes may be sharing the same physical memory. By flushing a piece of memory out of the cache and then accessing it again, an attacker can observe whether another process has used that memory in the meantime, potentially revealing secret information.


We present TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers (TLBs). TLBleed shows a reliable side channel without relying on the CPU data or instruction caches. This therefore bypasses several proposed CPU cache side-channel protections, such as page coloring, CAT, and TSX. Our TLBleed exploit successfully leaks a 256-bit EdDSA key from cryptographic signing code, which would be safe from cache attacks with cache isolation turned on, but would no longer be safe with TLBleed. We achieve a 98% success rate after just a single observation of signing operation on a co-resident hyperthread and just 17 seconds of analysis time. Further, we show how another exploit based on TLBleed can leak bits from a side-channel resistant RSA implementation. We use novel machine learning techniques to achieve this level of performance. These techniques will likely improve the quality of future side-channel attacks. This talk contains details about the architecture and complex behavior of modern, multilevel TLB's on several modern Intel microarchitectures that is undocumented, and will be publically presented for the first time.