A second vulnerability related to hyperthreading, in which a new vulnerability 'Portsmash' is discovered by Intel's CPU

When a malicious attacker uses a vulnerability "Specter" "Meltdown" found in Intel's CPU in early 2018 and a vulnerability " Foreshadow " found in August of the same year, etc., the PC and some smart phones You can access the processor and steal information such as passwords and secret keys . Also, this attack was a major problem as it can not be detected or defended by traditional security. Similar to "Spectre", "Meltdown", and "Foreshadow", security researchers have announced the existence of a new vulnerability " Portsmash (CVE-2018-5407) " existing on Intel CPUs that are already circulated It is said that there is a possibility that it may affect chipmakers other than Intel.

GitHub - bbbrumley / portsmash
https://github.com/bbbrumley/portsmash

Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys | Ars Technica
https://arstechnica.com/information-technology/2018/11/intel-cpus-fall-to-new-hyperthreading-exploit-that-pilfers-crypto-keys/

The newly discovered vulnerability "Portsmash (CVE - 2018 - 5407)" is based on the side channel overlooked by Intel 's Hyper - Threading Technology .

Hyper-Threading Technology is a technology that enables to shorten the time required for processing parallel computing tasks such as simultaneous multithreading (SMT) implementation that involves numerous calculations or executions at the same time. This performance improvement is made possible by two logical processor cores sharing one physical processor, and the logical processor core divides a large task into smaller ones, so that the whole task can be processed more quickly It is possible.

Intel® Hyper-Threading Technology

"Portsmash" reported as a vulnerability related to such hyperthreading is able to steal private key from TLS server operating on OpenSSL.

Specifically, operate a TLS server on an Ubuntu machine equipped with Intel's Skylake or Kaby Lake generation processors, send instructions to a single logical processor core of the machine CPU, and carefully measure the time required for execution. Then, it was possible to infer the secret key to be processed from another logical processor core of the same CPU. This is a phenomenon that occurs by allocating multiple instructions to various ports using the same physical processor.

The security blog of SIOS Technology that provides security services also reported that "With this vulnerability, the research team was able to steal the P - 384 private key of OpenSSL (1.1.0 h or less) from the TLS server" I will.

Although this vulnerability "Portsmash" affects both the PC and the server, it is thought that it has a major impact on the server. Also, Portsmash has high portability and requires minimal assumptions for execution, so it can be exploited without knowledge of memory cache line, machine learning, reverse engineering etc.

by Markus Spiske

Billy Bob Bremley who is a professor at the Tampere University of Technology in Finland and the author of the paper on Portsmash said that vulnerabilities other than Skylake and Kaby Lake generation chips will be effective if slight modifications are made to the attack code It is predicting. "We strongly suspect AMD's Ryzen architecture adopting SMT is vulnerable and we will clarify it in future work."

Mr. Bremley cites attacks targeting Infrastructure as a Service (IaaS) as the most realistic scenario in case of exploiting Portsmash. "Personally, the remote login scenario seems to be the biggest threat", and a malicious user with credential information logs in via SSH, compiles malicious code, To point out the possibility of extracting information from other processes being executed in parallel.

PortSmash is a vulnerability targeting Hyper-Threading, following " TLBleed " published in June 2018. With the discovery of TLBleed, we recommended that developers disable Hyper-Threading on OS-based "OpenBSD" which emphasizes security. Mr. Bremley who discovered PortSmash recommends that the user disable SMT in the BIOS, or that the application use code that is port independent, "OS developers should disable SMT at startup" I said.

by Alexandru-Bogdan Ghita

PortSmash is a vulnerability that poses a threat to users when using trusted computers and services that allow untrusted people to use the same physical processor of the machine. People who apply to such cases need to pay close attention to the research results and carefully consider the recommendations.

Intel said, "Since this problem does not depend on speculative execution, it is irrelevant to vulnerabilities such as Specter, Meltdown, and L1 Terminal Fault, and we believe that this vulnerability (Portsmash) is not unique to the Intel platform "In addition," To protect customer data and ensure product security is the top priority for Intel and we will continue to work with customers, partners and researchers to identify identified vulnerabilities I will understand and alleviate it. "