New side-channel vulnerability confirmed in Kaby Lake and Skylake CPUs

SMT allows for multi-threaded parallel processing, but has an apparent security flaw. (Source: Wikipedia)

A new CVE may enable yet another side-channel exploit in Intel processors. This vulnerability, known as CVE-2018-5407 (or "PortSmash"), targets Hyper-Threading (or simultaneous multi-threading (SMT)). It is confirmed as effective in Skylake and Kaby Lake chips, and could affect others.

Deirdre O Donnell, Published 11/02/2018

A team of researchers from the Tampere University of Technology in Finland and the University of Technology in Habana have reported the discovery of a new CVE which (again) affects Intel CPUs. This exploit has been classified as CVE-2018-5407, and is also known as PortSmash. It is another new side-channel exploit that leverages Intel Hyper-Threading (or simultaneous multi-threading (SMT)) to potentially steal data.

The Tampere/Habana team assert that the exploit can enable a hacker to run their process in a thread alongside a target process and steal from it, so long as they get the parallel-processing timing right. Accordingly, they have demonstrated the ability to steal a private SSL key from a TLS server using PortSmash.

The CVE has been confirmed as operable in Skylake or Kaby Lake CPUs, and could also affect other processors with SMT or Hyper-Threading. The work on PortSmash is to be found on GitHub and OpenWall, and will also be published in an upcoming article. Its authors suggest ensuring that OpenSSL is updated to a version later than 1.1.0i as a preventative measure against PortSmash. Intel has been informed of this issue, but is yet to respond (correct at time of writing).

Source(s)

GitHub

https://github.com/bbbrumley/portsmash OpenWall

Google Camera could have been used for some extremely shady hacking activities. (Source: XDA)

The cameras on "hundreds of millions" of Android phones could have been hijacked 11/19/2019

PC-Doctor Tool For Windows is also believed to be vulnerable to cyber attacks. (Image source: Lifewire)

Cybersecurity company finds worrying vulnerability affecting millions of Dell laptops and desktops 06/22/2019

The new Cascade Lake-X high-end desktop processors could be launched at Computex. (Image source: TweakTown)

Intel Cascade Lake-X HEDT processor appears on SiSoftware's Sandra benchmark database 04/26/2019

The Intel Core i9-9990XE is now available for users to buy. (Source: TrustedReviews)

Skylake-X Intel Core i9-9990XE CPU now available for €2,999 or snap up an i9-9990XE-based desktop PC for €12,999.90 04/12/2019

SplitSpectre threatens both Intel and AMD processors (Source: ZDNet)

The phantom returns: Researchers discover a new Spectre CPU attack, name it SplitSpectre 12/04/2018

MIT's DAWG could easily be integrated in OS updates, and it is said to be less taxing on the overall system performance. (Source: Bit-Tech)

MIT provides alternative solution for Spectre-like CPU bugs 10/19/2018

Windows 10 19H1 is currently available as an insider's preview. (Source: Windows Latest)

2019 Windows update may address Spectre patch-related performance issues 10/19/2018

Two prominent VPN providers have needed to push updates for vulnerabilities in their systems. (Source: danielmiessler.com)

NordVPN and ProtonVPN obliged to push updates to patch new CVEs 09/11/2018

Intel will eventually bake security fixes into its next-generation of silicon. (Source: Intel)

Intel plans to offload CPU malware scanning to iGPUs in new Spectre / Meltdown fix 04/17/2018

Intel seems optimistic about any financial losses that could occur with all the litigations queuing up. (Source: Tech Viral)

Meltdown / Spectre CPU vulnerabilities brought Intel 32 lawsuits in 1.5 months 02/19/2018

The new variants might cause some problems for Intel's and AMD's already announced hardware fixes. (Source: Heise.de)

Two new Meltdown and Spectre variants discovered 02/16/2018

The Chinese knew of Meltdown and Spectre much before the US Government according to The WSJ. (Source: Reddit)

Intel alerted select corporations about Meltdown/Spectre, China speculated to have known about it before the US 01/30/2018

Loading Comments

Comment on this article

Alienware m15 with i5 and GTX 1060 ...

Apple to cease sharing sales figure...

Deirdre O'Donnell - Senior Tech Writer - 5901 articles published on Notebookcheck since 2018

I became a professional writer and editor shortly after graduation. My degrees are in biomedical sciences; however, they led to some experience in the biotech area, which convinced me of its potential to revolutionize our health, environment and lives in general. This developed into an all-consuming interest in more aspects of tech over time: I can never write enough on the latest electronics, gadgets and innovations. My other interests include imaging, astronomy, and streaming all the things. Oh, and coffee.

contact me via: LinkedIn

Please share our article, every link counts!

.170

> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 11 > New side-channel vulnerability confirmed in Kaby Lake and Skylake CPUs

Deirdre O Donnell, 2018-11- 2 (Update: 2018-11- 2)

New side-channel vulnerability confirmed in Kaby Lake and Skylake CPUs

Source(s)

Related Articles