CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures (Fri, 2 Nov 2018)


Spectre is a vulnerability that affects modern microprocessors that perform branch prediction. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that can reveal private data to attackers. As predicted, more and more branch prediction processor attacks are being discovered!

Hey guys, if you are interested in reading the details, please refer to the URL below.
https://seclists.org/oss-sec/2018/q4/123

In short, the design weakness is that processes are allowed to run in parallel on the same physical core. A malicious process can thus measure the delay in the execution of its own operations for a target destination (port), and determine when the victim process is using the same destination (port). If the victim process is performing a crypto operation, this can make it possible to recover a private key.
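The precondition described above, two processes running on the same physical core, can be checked on a Linux host by listing which logical CPUs are SMT siblings. This is an added example, not code from the original post or the PortSmash repository; it assumes the Linux sysfs `thread_siblings_list` files, and the sample topology is constructed.

```python
import glob
import re

SYSFS_GLOB = "/sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list"

def parse_cpu_list(text):
    """Parse a kernel CPU list such as '0,4' or '0-1,8-9' into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def shared_cores(sibling_lists):
    """Map {cpu: siblings_text} to a sorted list of sibling groups with >1 thread."""
    groups = {frozenset(parse_cpu_list(t)) for t in sibling_lists.values()}
    return sorted(tuple(sorted(g)) for g in groups if len(g) > 1)

def read_sysfs():
    """Read sibling lists from Linux sysfs; returns {} where it is unavailable."""
    out = {}
    for path in glob.glob(SYSFS_GLOB):
        cpu = int(re.search(r"cpu(\d+)/topology", path).group(1))
        with open(path) as fh:
            out[cpu] = fh.read()
    return out

# Constructed sample: three cores with two online threads each,
# plus CPU 6, which has no online sibling.
SAMPLE = {0: "0,4\n", 4: "0,4\n", 1: "1,5\n", 5: "1,5\n",
          2: "2-3\n", 3: "2-3\n", 6: "6\n"}

if __name__ == "__main__":
    live = read_sysfs()
    source, data = ("sysfs", live) if live else ("constructed sample", SAMPLE)
    pairs = shared_cores(data)
    print(f"source: {source}")
    for group in pairs:
        print("logical CPUs sharing one physical core:", group)
    if not pairs:
        print("no SMT siblings online")
```

Any group it reports is a set of logical CPUs on which a key-handling process and an untrusted process could end up running side by side on one core.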

Proof of concept (GitHub)
https://github.com/bbbrumley/portsmash
