Date: Fri, 2 Nov 2018 00:12:27 +0200
From: Billy Brumley <bbrumley@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures

Howdy Folks,

We recently discovered a new CPU microarchitecture attack vector. The nature of the leakage is due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures. More specifically, we detect port contention to construct a timing side channel to exfiltrate information from processes running in parallel on the same physical core. Report is below.

Thanks for reading!

BBB

# Report

We steal an OpenSSL (<= 1.1.0h) P-384 private key from a TLS server using this new side-channel vector. It is a local attack in the sense that the malicious process must be running on the same physical core as the victim (an OpenSSL-powered TLS server in this case).

## Affected hardware

SMT/Hyper-Threading architectures (verified on Skylake and Kaby Lake)

## Affected software

OpenSSL <= 1.1.0h (but in general, software that has secret dependent control flow at any granularity; this particular application is a known vulnerability since 2009 only recently fixed)

Ubuntu 18.04 (again, it is really a hardware issue, but anyway this distro is where we ran our experiments)

## Classification and rating

Tracked by CVE-2018-5407.

CWE wise, I would label it like

CWE-208: Information Exposure Through Timing Discrepancy

At a very high level (e.g. CVSS string), it is similar to this CVE:

https://nvd.nist.gov/vuln/detail/CVE-2005-0109

But the underlying uarch component is totally different. Our attack has nothing to do with the memory subsystem or caching, and that CVE is specifically for data caching (e.g. some fixes for CVE-2005-0109 do not address this new attack vector at all).

## Disclosure timeline

01 Oct 2018: Notified Intel Security
26 Oct 2018: Notified openssl-security
26 Oct 2018: Notified CERT-FI
26 Oct 2018: Notified oss-security distros list
01 Nov 2018: Embargo expired

## Fix

Disable SMT/Hyper-Threading in the bios

Upgrade to OpenSSL 1.1.1 (or >= 1.1.0i if you are looking for patches)

## Credit

Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri (Tampere University of Technology, Finland)

Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE, Cuba)

## Refs

https://marc.info/?l=openbsd-cvs&m=152943660103446
https://marc.info/?l=openbsd-tech&m=153504937925732

## Exploit

Attached exploit code (password "infected") should work out of the box for Skylake and Kaby Lake. Said code, soon to be followed by a preprint with all the nitty-gritty details, is also here:

https://github.com/bbbrumley/portsmash

Download attachment "spy.zip" of type "application/zip" (76765 bytes)
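
The report says the exposure extends to any software with secret dependent control flow. As an added illustration (not part of the original post, and not code from OpenSSL or the portsmash repository), the toy C below puts a key-dependent branch beside a branch-free form that runs the same operations for every key. The function names, the 32-bit modular exponentiation and the sample values are assumptions chosen for brevity; the modulus must be non-zero.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy modular multiply: operands are below 2^32, so the product fits in 64 bits.
   The % operator is not hardened; only the control flow is the subject here. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (a * b) % m;
}

/* Leaky form: the multiply runs only when the key bit is 1, so the sequence of
   executed operations, and the execution ports they occupy, follows the key. */
uint32_t modexp_branchy(uint32_t g, uint32_t key, uint32_t m) {
    uint64_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((key >> i) & 1)
            r = mulmod(r, g, m);
    }
    return (uint32_t)r;
}

/* Uniform form: square and multiply on every iteration, then keep or discard
   the product with a mask, so the operation sequence is the same for any key. */
uint32_t modexp_uniform(uint32_t g, uint32_t key, uint32_t m) {
    uint64_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint64_t t = mulmod(r, g, m);
        uint64_t mask = (uint64_t)0 - ((key >> i) & 1); /* all ones if bit set */
        r = (t & mask) | (r & ~mask);
    }
    return (uint32_t)r;
}

int main(void) {
    /* Constructed sample values, not taken from the report. */
    uint32_t g = 7, key = 13, m = 11;
    printf("branchy=%u uniform=%u\n",
           modexp_branchy(g, key, m), modexp_uniform(g, key, m));
    return 0;
}
```

Compilers can turn a mask select back into a branch, so check the generated assembly for the build flags you ship.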