PortSmash: A New Side-Channel Vulnerability Affecting SMT/HT Processors (CVE-2018-5407)
A new CPU side-channel vulnerability made public today that's unrelated to Spectre and Meltdown speculative execution vulnerabilities is dubbed "PortSmash" but more formerly referred to as CVE-2018-5407.
University researchers discovered this side-channel vulnerability that results in data leakage due to execution engine sharing on processors with Simultaneous Multi-Threading, like Hyper Threading on Intel CPUs. This can lead to stealing a private key from a TLS server in a reported example. PortSmash can leak encrypted data from the CPU. Most of the research thus far has been around Intel processors with Hyper Threading but it's believed other CPUs with SMT like IBM POWER and AMD CPUs are also potentially affected.
Proof of concept code was posted today to GitHub while more technical details can be found via oss-security. The workaround to avoid the side-channel vulnerability is to disable SMT/HT from the BIOS.
Update: The statement Intel provided on PortSmash sent over is: "Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified."
University researchers discovered this side-channel vulnerability that results in data leakage due to execution engine sharing on processors with Simultaneous Multi-Threading, like Hyper Threading on Intel CPUs. This can lead to stealing a private key from a TLS server in a reported example. PortSmash can leak encrypted data from the CPU. Most of the research thus far has been around Intel processors with Hyper Threading but it's believed other CPUs with SMT like IBM POWER and AMD CPUs are also potentially affected.
Proof of concept code was posted today to GitHub while more technical details can be found via oss-security. The workaround to avoid the side-channel vulnerability is to disable SMT/HT from the BIOS.
Update: The statement Intel provided on PortSmash sent over is: "Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified."
46 Comments