A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to detect protected sensitive data, such as passwords and cryptographic keys.

The vulnerability, codenamed PortSmash (CVE-2018-5407), joins the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre, TLBleed and Foreshadow.

Discovered by a team of security researchers from the Tampere University of Technology in Finland and the Technical University of Havana, Cuba, the new side-channel vulnerability resides in Intel's Hyper-Threading Technology, the company's implementation of Simultaneous MultiThreading (SMT). Simultaneous MultiThreading is a performance feature that works by dividing each physical core of a processor into virtual cores, known as threads, allowing each core to execute two instruction streams at once. Because SMT runs two threads from two independent processes side by side on the same physical core to improve performance, it is possible for one process to see a surprising amount of the work that the other is doing.

In short, an attacker can run a malicious PortSmash process along with a selected process from the victim on the same CPU core, allowing PortSmash code to snoop on operations performed by the other process.

In a demonstration of this vulnerability published on GitHub, researchers tested the PortSmash attack against the OpenSSL cryptography library (version no higher than 1.1.0h) and managed to steal the private decryption key using a malicious process (exploit) running on the same physical core as OpenSSL.

While the PortSmash attack was confirmed to work on Intel's Kaby Lake and Skylake processors, researchers believe the attack would work on other SMT architectures, including AMD's, with some modifications to its code.

The simple solution for the PortSmash vulnerability is to disable SMT / Hyper-Threading in the CPU chip's BIOS until Intel releases security patches. OpenSSL users looking for patches can upgrade to OpenSSL 1.1.1 or 1.1.0i.
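
A host-side check for the two mitigations above, as an added example that is not from the article or the researchers. It assumes a Linux kernel that exposes `/sys/devices/system/cpu/smt/active` and an `openssl` binary on the PATH; the function names and verdict labels are hypothetical. Distribution packages may backport fixes without changing the version string, so an "affected" or "review" result is a prompt to check the vendor advisory.

```shell
#!/bin/sh
# Added example (not from the article): PortSmash exposure audit for a Linux host.
LC_ALL=C; export LC_ALL   # keep [a-h] style ranges byte-ordered

# Map an OpenSSL version string onto the versions the article names.
classify_openssl() {
    case $1 in
        1.1.0|1.1.0[a-h]|1.1.0[a-h]-*) echo affected ;;  # 1.1.0 through 1.1.0h
        1.1.0[i-z]*)                   echo fixed ;;     # 1.1.0i and later letters
        1.1.[1-9]*|[3-9].*)            echo fixed ;;     # 1.1.1 and newer branches
        *)                             echo review ;;    # older branch or unparsable
    esac
}

# Read the kernel's SMT state. $1 = sysfs directory (overridable for testing).
smt_state() {
    dir=${1:-/sys/devices/system/cpu/smt}
    [ -r "$dir/active" ] || { echo unknown; return 0; }
    case $(cat "$dir/active") in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# Print the installed OpenSSL version, or "none" if absent or not OpenSSL.
installed_openssl() {
    command -v openssl >/dev/null 2>&1 || { echo none; return 0; }
    openssl version 2>/dev/null | awk '$1 == "OpenSSL" { print $2; ok = 1 } END { if (!ok) print "none" }'
}

# Combine both findings. $1 = SMT state, $2 = OpenSSL class.
verdict() {
    case "$1:$2" in
        off:affected) echo smt-off-upgrade-openssl ;;
        off:*)        echo mitigated ;;
        on:affected)  echo exposed ;;
        on:fixed)     echo openssl-fixed-smt-still-on ;;
        *)            echo needs-review ;;
    esac
}

smt=$(smt_state)
ssl=$(classify_openssl "$(installed_openssl)")
echo "SMT: $smt  OpenSSL: $ssl  verdict: $(verdict "$smt" "$ssl")"
```
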

