PT-2018-2020 · Intel+8 · Intel Processors+8

Published

2018-08-29

·

Updated

2024-06-15

·

CVE-2018-5407

CVSS v2.0

4.9

Medium

VectorAV:L/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Intel processors of Skylake and Kaby Lake architectures (affected versions not specified)
Description The issue is related to Simultaneous Multi-threading (SMT) in processors, which can be exploited by local users via a side-channel timing attack on 'port contention'. This vulnerability may allow an attacker to reveal protected information. The PortSmash side-channel attack can be used to leak encrypted data from the CPU's internal processes by running a malicious process next to legitimate processes using the architecture's parallel thread running capabilities.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Side Channel Attack

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-203CWE-208CWE-200

Related Identifiers

ALT-PU-2018-2246
ALT-PU-2020-1123
ALT-PU-2020-1124
ALT-PU-2020-1125
ALT-PU-2020-1126
ALT-PU-2020-1127
ALT-PU-2020-1436
ALT-PU-2020-1437
ALT-PU-2020-1438
ALT-PU-2020-1439
ALT-PU-2020-1440
BDU:2018-01636
CESA-2019_0483
CESA-2019_2125
CVE-2018-5407
DLA-1586-1
DSA-4348-1
DSA-4355-1
MGASA-2018-0470
OPENSUSE-SU-2018_3903-1
OPENSUSE-SU-2018_4050-1
OPENSUSE-SU-2018_4104-1
OPENSUSE-SU-2019_0088-1
OPENSUSE-SU-2019_0234-1
OPENSUSE-SU-2024:11126-1
RHSA-2019:0483
RHSA-2019:2125
RHSA-2019:3929
RHSA-2019:3932
RHSA-2019:3933
RHSA-2019_0483
RHSA-2019_2125
SUSE-FU-2022:0445-1
SUSE-SU-2018:3864-1
SUSE-SU-2018:3864-2
SUSE-SU-2018:3866-1
SUSE-SU-2018:3964-1
SUSE-SU-2018:3989-1
SUSE-SU-2018:4001-1
SUSE-SU-2018:4068-1
SUSE-SU-2018:4274-1
SUSE-SU-2019:0117-1
SUSE-SU-2019:0395-1
SUSE-SU-2019:1553-1
USN-3840-1

Affected Products

Alt Linux
Centos
Ibm Aix
Intel Processors
Openssl
Red Hat
Suse
Ubuntu
Virtualbox