CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures

From: Billy Brumley

Date: Fri, 2 Nov 2018 00:12:27 +0200

Howdy Folks,

We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core. Report is below.[…]

## Credit

Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri (Tampere University of Technology, Finland); Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE, Cuba)

## Refs

https://marc.info/?l=openbsd-cvs&m=152943660103446
https://marc.info/?l=openbsd-tech&m=153504937925732

## Exploit

Attached exploit code (password “infected”) should work out of the box for Skylake and Kaby Lake. Said code, soon to be followed by a preprint with all the nitty-gritty details, is also here:

https://github.com/bbbrumley/portsmash
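The channel described in the post only exists when two hardware threads of one physical core are exposed to different security domains, which is why the referenced OpenBSD commits disable SMT. The following script is an added example, not part of the original post or of the portsmash repository: it reads the Linux sysfs `thread_siblings_list` files to tell whether any core exposes SMT siblings, and points at the kernel's `/sys/devices/system/cpu/smt/control` knob (present since Linux 4.19) as the place to turn them off. The sample sibling lists are constructed for illustration; the parsing functions are the example's own and assume the standard sysfs formats (`0,4`, `0-3`, `7`).

```shell
#!/bin/sh
# Added example (not from the original post): check whether SMT sibling threads
# are exposed on a Linux host, the precondition for cross-thread port contention.

# Count the hardware threads named by one thread_siblings_list value.
# sysfs uses comma-separated ids and "a-b" ranges, e.g. "0,4" or "0-1".
sibling_count() {
    echo "$1" | tr ',' '\n' | awk -F- '
        NF == 2 { n += $2 - $1 + 1; next }
        NF == 1 && $1 != "" { n += 1 }
        END { print n + 0 }'
}

# Read sibling lists on stdin (one per line); return 0 (true) if any physical
# core exposes more than one hardware thread, else 1.
smt_exposed() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        if [ "$(sibling_count "$line")" -gt 1 ]; then
            return 0
        fi
    done
    return 1
}

# Constructed sample inputs: a 4-core/8-thread box with SMT on (each cpuN file
# names both threads of its core), and the same box with SMT off.
SAMPLE_SMT_ON='0,4
1,5
2,6
3,7
0,4
1,5
2,6
3,7'
SAMPLE_SMT_OFF='0
1
2
3'

# Collect the real sibling lists from sysfs on a live Linux host; fall back to
# the constructed SMT-on sample where sysfs is absent (non-Linux systems).
live_sibling_lists() {
    if ls /sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list >/dev/null 2>&1; then
        cat /sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list
    else
        printf '%s\n' "$SAMPLE_SMT_ON"
    fi
}

# Print a one-line verdict for a set of sibling lists passed as one string.
report() {
    if printf '%s\n' "$1" | smt_exposed; then
        echo "SMT siblings present: port contention between hyperthreads is possible on this topology"
        echo "Mitigation knob (Linux >= 4.19): echo off > /sys/devices/system/cpu/smt/control"
    else
        echo "No SMT siblings exposed: the cross-hyperthread port-contention channel is not available"
    fi
}

report "$SAMPLE_SMT_ON"
report "$SAMPLE_SMT_OFF"
report "$(live_sibling_lists)"
```

Turning SMT off is a blunt fix with a real throughput cost; the finer-grained alternative the post's own refs hint at (scheduling untrusted code away from a sensitive process's sibling thread) still needs this same topology information, so the parsing above is reusable for either policy.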

https://seclists.org/oss-sec/2018/q4/123

https://access.redhat.com/security/cve/cve-2018-5407

https://nvd.nist.gov/vuln/detail/CVE-2018-5407

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
