Notebookcheck Logo
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

New side-channel vulnerability confirmed in Kaby Lake and Skylake CPUs

SMT allows for multi-threaded parallel processing, but has an apparent security flaw. (Source: Wikipedia)
SMT allows for multi-threaded parallel processing, but has an apparent security flaw. (Source: Wikipedia)
A new CVE may enable yet another side-channel exploit in Intel processors. This vulnerability, known as CVE-2018-5407 (or "PortSmash"), targets Hyper-Threading (or simultaneous multi-threading (SMT)). It is confirmed as effective in Skylake and Kaby Lake chips, and could affect others.
Deirdre O Donnell,
Kaby Lake Security Software Windows Workstation Laptop Desktop

A team of researchers from the Tampere University of Technology in Finland and the University of Technology in Habana have reported the discovery of a new CVE which (again) affects Intel CPUs. This exploit has been classified as CVE-2018-5407, and is also known as PortSmash. It is another new side-channel exploit that leverages Intel Hyper-Threading (or simultaneous multi-threading (SMT)) to potentially steal data.

The Tampere/Habana team assert that the exploit can enable a hacker to run their process in a thread alongside a target process and steal from it, so long as they get the parallel-processing timing right. Accordingly, they have demonstrated the ability to steal a private SSL key from a TLS server using PortSmash.

The CVE has been confirmed as operable in Skylake or Kaby Lake CPUs, and could also affect other processors with SMT or Hyper-Threading. The work on PortSmash is to be found on GitHub and OpenWall, and will also be published in an upcoming article. Its authors suggest ensuring that OpenSSL is updated to a version later than 1.1.0i as a preventative measure against PortSmash. Intel has been informed of this issue, but is yet to respond (correct at time of writing). 

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Deirdre O'Donnell
Deirdre O'Donnell - Senior Tech Writer - 5094 articles published on Notebookcheck since 2018
I became a professional writer and editor shortly after graduation. My degrees are in biomedical sciences; however, they led to some experience in the biotech area, which convinced me of its potential to revolutionize our health, environment and lives in general. This developed into an all-consuming interest in more aspects of tech over time: I can never write enough on the latest electronics, gadgets and innovations. My other interests include imaging, astronomy, and streaming all the things. Oh, and coffee.
contact me via: LinkedIn
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 11 > New side-channel vulnerability confirmed in Kaby Lake and Skylake CPUs
Deirdre O Donnell, 2018-11- 2 (Update: 2018-11- 2)