New PortSmash Side-Channel Vulnerability (CVE-2018-5407)

A new vulnerability being called PortSmash, (CVE-2018-5407) has been discovered impacting all CPUs that use a Simultaneous Multithreading (SMT) architecture.  SMT is a technology that allows multiple computing threads to be executed simultaneously on a CPU core.

PortSmash is being classified as a  side-channel attack which is technique used for leaking encrypted data from a computer’s memory or CPU, that will also record and analyze discrepancies in operation times, power consumption, electromagnetic leaks, or even sound to gain additional info that may help break encryption algorithms and recovering the CPU’s processed data.

An example on how the attack may work:

A malicious process next to legitimate processes using SMT’s parallel thread running capabilities. The malicious PortSmash process than leaks small amounts of data from the legitimate process, helping an attacker reconstruct the encrypted data processed inside the legitimate process.

The team that discovered the vulnerability published a proof-of-concept (PoC) code on GitHub that demonstrates a PortSmash attack on Intel Skylake and Kaby Lake CPUs.

To rectify the issue, organizations are urged to install an Intel provided patch that has been released prior to the PortSmash proof-of-concept being released or to disable SMT/Hyper-Threading in the CPU chip’s BIOS until you are able to install the security patches.

PortSmash has joined the list of newly discovered side-channel vulnerabilities such as TLBleed, Meltdown, Foreshadow and Spectre.