CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures

From: Billy Brumley:

Date: Fri, 2 Nov 2018 00:12:27 +0200

Howdy Folks,

We recently discovered a new CPU microarchitecture attack vector. The
nature of the leakage is due to execution engine sharing on SMT (e.g.
Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core. Report is below.[…]

## Credit

Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri (Tampere University of Technology, Finland) Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE, Cuba)

## Refs

## Exploit

Attached exploit code (password “infected”) should work out of the box for Skylake and Kaby Lake. Said code, soon to be followed by a preprint with all the nitty-gritty details, is also here:

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s