This is a side-channel vulnerability that targets Simultaneous Multi-Threading architecture implementation, such as Hyper-Threading microprocessors. The attacker runs a process on the same physical core as the victim to disclose sensitive information from the victim’s processes.
Simultaneous Multi-Threading is a processor implementation leveraging parallelism to enhance its computational capabilities. SMT processors can achieve both thread-level and instruction-level parallelism. As a result, each CPU cycle can process multiple instructions from multiple threads. While efficiency and performance are dramatically improved, this CPU architecture creates a window for exploitation. The attacker targets a selected victim process and runs malicious code on the same core. By analyzing the time it takes to execute its own instructions, the attacker can determine the time taken by the victim’s instructions. Thus, disclosure of secret victim information can be achieved. If the victim process is encrypting some data, a successful attack can reveal the encryption key by running malicious code on the same physical core. At the software level, a vulnerable application is also required. For instance, OpenSSL that has secret dependent control flow at any granularity level.
Microprocessors utilizing SMT architectures Open SSL versions prior to 1.1.0h
Disable Hyper-Threading via OS or BIOS
Disable Hyper-Threading Use unaffected versions of Open SSL