For those who came in late, TLBleed targets the translation lookaside buffer, a CPU cache. The side-channel vulnerability can be theoretically exploited to extract encryption keys and private information from programs.
Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and was likely to involve "a ton of work to mitigate (mostly app recompile)."
However, de Raadt warned that changing the kernel's process scheduler was not so easy.
He told ITWire that Williams was lacking all the details and not thinking it through. "They have sufficient detail to think it through: the article says the TLB is shared between hyperthreading CPUs, and it is unsafe to share between two different contexts. You can measure evictions against your mappings, which indicates the other process is touching memory (you can determine the aliasing factors)."
De Raadt said he was still not prepared to say more, saying: "Please wait for the paper [which is due in August]."