oss-sec mailing list archives
CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures
From: Billy Brumley <bbrumley () gmail com>
Date: Fri, 2 Nov 2018 00:12:27 +0200
Howdy Folks, We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core. Report is below. Thanks for reading! BBB # Report We steal an OpenSSL (<= 1.1.0h) P-384 private key from a TLS server using this new side-channel vector. It is a local attack in the sense that the malicious process must be running on the same physical core as the victim (an OpenSSL-powered TLS server in this case). ## Affected hardware SMT/Hyper-Threading architectures (verified on Skylake and Kaby Lake) ## Affected software OpenSSL <= 1.1.0h (but in general, software that has secret dependent control flow at any granularity; this particular application is a known vulnerability since 2009 only recently fixed) Ubuntu 18.04 (again, it is really a hardware issue, but anyway this distro is where we ran our experiments) ## Classification and rating Tracked by CVE-2018-5407. CWE wise, I would label it like CWE-208: Information Exposure Through Timing Discrepancy At a very high level (e.g. CVSS string), it is similar to this CVE: https://nvd.nist.gov/vuln/detail/CVE-2005-0109 But the underlying uarch component is totally different. Our attack has nothing to do with the memory subsystem or caching, and that CVE is specifically for data caching (e.g. some fixes for CVE-2005-0109 do not address this new attack vector at all). ## Disclosure timeline 01 Oct 2018: Notified Intel Security 26 Oct 2018: Notified openssl-security 26 Oct 2018: Notified CERT-FI 26 Oct 2018: Notified oss-security distros list 01 Nov 2018: Embargo expired ## Fix Disable SMT/Hyper-Threading in the bios Upgrade to OpenSSL 1.1.1 (or >= 1.1.0i if you are looking for patches) ## Credit Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri (Tampere University of Technology, Finland) Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE, Cuba) ## Refs https://marc.info/?l=openbsd-cvs&m=152943660103446 https://marc.info/?l=openbsd-tech&m=153504937925732 ## Exploit Attached exploit code (password "infected") should work out of the box for Skylake and Kaby Lake. Said code, soon to be followed by a preprint with all the nitty-gritty details, is also here: https://github.com/bbbrumley/portsmash
Attachment:
spy.zip
Description:
Current thread:
- CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 01)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer (Nov 02)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 02)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer (Nov 06)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 06)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Marc Deslauriers (Nov 09)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 09)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 12)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Marc Deslauriers (Nov 12)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 02)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer (Nov 02)
- <Possible follow-ups>
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Cesar Pereida Garcia (Nov 06)