From: Billy Brumley
Date: Fri, 2 Nov 2018 00:12:27 +0200
Howdy Folks,
We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core. Report is below. […]
## Credit
Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri (Tampere University of Technology, Finland); Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE, Cuba)
## Refs
https://marc.info/?l=openbsd-cvs&m=152943660103446
https://marc.info/?l=openbsd-tech&m=153504937925732
## Exploit
Attached exploit code (password “infected”) should work out of the box for Skylake and Kaby Lake. Said code, soon to be followed by a preprint with all the nitty-gritty details, is also here:
https://github.com/bbbrumley/portsmash
https://seclists.org/oss-sec/2018/q4/123
https://access.redhat.com/security/cve/cve-2017-5407
https://nvd.nist.gov/vuln/detail/CVE-2018-5407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
https://twitter.com/CesarPereidaG/status/1058296725419507712
