CVE-2018-5407

Date: November 15, 2018

Overview

This is a side-channel vulnerability that targets implementations of the Simultaneous Multi-Threading (SMT) architecture, such as microprocessors with Hyper-Threading. The attacker runs a process on the same physical core as the victim to disclose sensitive information from the victim’s processes.

Details

Simultaneous Multi-Threading (SMT) is a processor implementation that leverages parallelism to enhance computational capability. SMT processors can achieve both thread-level and instruction-level parallelism, so each CPU cycle can process multiple instructions from multiple threads. While efficiency and performance are dramatically improved, this CPU architecture creates a window for exploitation. The attacker targets a selected victim process and runs malicious code on the same physical core. By analyzing the time it takes to execute its own instructions, the attacker can determine the time taken by the victim’s instructions, and thus disclose secret victim information. If the victim process is encrypting some data, a successful attack can reveal the encryption key. At the software level, a vulnerable application is also required, for instance OpenSSL code that has secret-dependent control flow at any granularity level.
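The secret-dependent control flow mentioned above, shown beside a uniform alternative, as an added example that is not OpenSSL's code or part of the original advisory. The function names, the toy 32-bit modular exponentiation and the multiplication counter are assumptions made for illustration; the counter stands in for the execution pattern a thread sharing the core could observe.

```c
#include <stdint.h>
#include <stdio.h>

static unsigned mul_count; /* modular multiplications executed (illustrative) */

static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    mul_count++;
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Leaky: the multiply runs only when the secret exponent bit is 1, so the
 * sequence of operations issued on the core follows the key bits. */
uint32_t modexp_branchy(uint32_t base, uint32_t secret, uint32_t m) {
    uint32_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((secret >> i) & 1)
            r = mulmod(r, base, m);
    }
    return r;
}

/* Uniform: always square and multiply, then pick the result with a mask
 * built from the bit; no branch or memory index depends on the secret. */
uint32_t modexp_uniform(uint32_t base, uint32_t secret, uint32_t m) {
    uint32_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint32_t t = mulmod(r, base, m);
        uint32_t mask = (uint32_t)0 - ((secret >> i) & 1); /* 0 or all-ones */
        r = (t & mask) | (r & ~mask);
    }
    return r;
}

/* Multiplications one call performs for a given secret (constructed inputs). */
unsigned ops_used(uint32_t (*f)(uint32_t, uint32_t, uint32_t), uint32_t secret) {
    mul_count = 0;
    (void)f(7, secret, 1000003u);
    return mul_count;
}

int main(void) {
    printf("branchy: %u vs %u multiplications\n",
           ops_used(modexp_branchy, 0x0000000Fu), ops_used(modexp_branchy, 0xFFFFFFFFu));
    printf("uniform: %u vs %u multiplications\n",
           ops_used(modexp_uniform, 0x0000000Fu), ops_used(modexp_uniform, 0xFFFFFFFFu));
    return 0;
}
```

The masked select must also be confirmed in the compiled output, since a compiler may turn it back into a branch, and the `%` in this toy `mulmod` is not itself constant-time on many CPUs.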

Affected Environments

Microprocessors utilizing SMT architectures
OpenSSL versions prior to 1.1.0h

Remediation

Disable Hyper-Threading via OS or BIOS

Prevention

Disable Hyper-Threading
Use unaffected versions of OpenSSL

Language: C#

Good to know:

Information Leak / Disclosure

CWE-200

Upgrade Version

Upgrade to version OpenSSL_1_1_0i, OpenSSL_1_1_1

Base Score:
Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None
Base Score:
Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None