facebook rss twitter

Side-channel vulnerability called PortSmash detailed

by Mark Tyson on 5 November 2018, 10:01

Tags: Intel (NASDAQ:INTC)

Quick Link: HEXUS.net/qadzbi

Add to My Vault: x

Please log in to view Printer Friendly Layout

A new vulnerability in Intel, and possibly AMD, processors has been detailed and exploited in tests by a team of researchers from universities in Finland and Cuba. Dubbed PortSmash, the vulnerability is another classed as a side-channel attack in that one process running on a Hyperthreaded (HT) / Simultaneous Multithreading (SMT) processor can spy on another which is running on a partner thread.

News of PortSmash (CVE-2018-5407) broke just ahead of the weekend and code proof of concept, available on GitHub, demonstrates the attack works on Intel Skylake and Kaby Lake CPUs. This code was purposely limited so it could only target OpenSSL - and fixes have already been added to OpenSSL 1.1.1. The researchers strongly suspect that other architectures featuring SMT, especially AMD Ryzen systems, are also vulnerable to PortSmash style exploits.

While PortSmash is, as we said, another side-channel attack like Spectre, Meltdown or Foreshadow, the researchers say it is not that similar in other aspects. "Our attack has nothing to do with the memory subsystem or caching," one of the project researchers, Billy Brumley, told ZDNet. "The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side-channel to exfiltrate information from processes running in parallel on the same physical core".

PortSmash requirements

Brumley says that PortSmash requires malicious code to be running on the same physical core as the victim - but insists this isn't a huge hurdle. He postulates that attackers could "try to co-locate VMs with victims to end up running the exploit on the same physical core as the victim, but different logical core". Furthermore, PortSmash "definitely does not need root privileges," he said. Brumley hopes to "kill off the SMT trend in chips," on the gounds of security.

Intel was told about PortSmash on 1st Oct 2018 and readied a patch by 1st Nov. The following statement was provided by Intel as the PortSmash vulnerability news broke and reverberated:

"Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified."

 



HEXUS Forums :: 15 Comments

Login with Forum Account

Don't have an account? Register today!
Requiring to be run on the same core as the target is a massive stretch. Not sure how much risk i would associate with this vulnerability.
Tabbykatze
Requiring to be run on the same core as the target is a massive stretch. Not sure how much risk i would associate with this vulnerability.

Yeh, I was thinking this… It's not exactly the biggest vulnerability in the world ever.
No bother since Intel has switched off SMT for almost its whole consumer range now - what a coincidence(sorry at the cheap shot).

I wonder if Ryzen is affected??
CAT-THE-FIFTH
I wonder if Ryzen is affected??

Sounds like they think it will be. Guessing they went for the easy option first by hacking Intel and then decided to move onto AMD.

Another cheap shot.
philehidiot
Sounds like they think it will be. Guessing they went for the easy option first by hacking Intel and then decided to move onto AMD.

Another cheap shot.

I know just the people!! :p