Date: Fri, 2 Nov 2018 00:12:27 +0200
From: Billy Brumley <>
Subject: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures

Howdy Folks,

We recently discovered a new CPU microarchitecture attack vector. The
nature of the leakage is due to execution engine sharing on SMT (e.g.
Hyper-Threading) architectures. More specifically, we detect port
contention to construct a timing side channel to exfiltrate
information from processes running in parallel on the same physical
core. Report is below.

Thanks for reading!


# Report

We steal an OpenSSL (<= 1.1.0h) P-384 private key from a TLS server
using this new side-channel vector. It is a local attack in the sense
that the malicious process must be running on the same physical core
as the victim (an OpenSSL-powered TLS server in this case).

## Affected hardware

SMT/Hyper-Threading architectures (verified on Skylake and Kaby Lake)

## Affected software

OpenSSL <= 1.1.0h (but in general, software that has secret-dependent
control flow at any granularity; this particular application is a
known vulnerability since 2009, only recently fixed)

Ubuntu 18.04 (again, it is really a hardware issue, but anyway this
distro is where we ran our experiments)

## Classification and rating

Tracked by CVE-2018-5407.

CWE-wise, I would label it as

CWE-208: Information Exposure Through Timing Discrepancy

At a very high level (e.g. CVSS string), it is similar to this CVE:

But the underlying uarch component is totally different. Our attack
has nothing to do with the memory subsystem or caching, and that CVE
is specifically for data caching (e.g. some fixes for CVE-2005-0109 do
not address this new attack vector at all).

## Disclosure timeline

01 Oct 2018: Notified Intel Security
26 Oct 2018: Notified openssl-security
26 Oct 2018: Notified CERT-FI
26 Oct 2018: Notified oss-security distros list
01 Nov 2018: Embargo expired

## Fix

Disable SMT/Hyper-Threading in the BIOS

Upgrade to OpenSSL 1.1.1 (or >= 1.1.0i if you are looking for patches)

## Credit

Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola
Tuveri (Tampere University of Technology, Finland)
Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE, Cuba)

## Refs

## Exploit

Attached exploit code (password "infected") should work out of the box
for Skylake and Kaby Lake. Said code, soon to be followed by a
preprint with all the nitty-gritty details, is also here:

Download attachment "" of type "application/zip" (76765 bytes)
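
A host-side exposure check for the two fixes listed in the report, added here as an example (it is not part of the original message or of the authors' code). It groups logical CPUs that share a physical core using the Linux sysfs `thread_siblings_list` files and applies the report's "OpenSSL <= 1.1.0h" bound literally; the function names and the sample topology are assumptions made for illustration.

```python
import re
from pathlib import Path

# Constructed sample: 4 logical CPUs where cpu0/cpu2 and cpu1/cpu3 share a core.
SAMPLE_SIBLINGS = {"cpu0": "0,2\n", "cpu1": "1,3\n", "cpu2": "0,2\n", "cpu3": "1,3\n"}

def parse_cpu_list(text):
    """Expand a sysfs CPU list such as '0,4' or '0-1,8-9' into a sorted tuple."""
    cpus = set()
    for part in text.strip().split(","):
        if part:
            lo, _, hi = part.partition("-")
            cpus.update(range(int(lo), int(hi or lo) + 1))
    return tuple(sorted(cpus))

def smt_core_groups(siblings):
    """Return the physical cores that currently expose more than one logical CPU.

    `siblings` maps a cpu name to the text of its thread_siblings_list file.
    An empty result means no two online hardware threads share a core.
    """
    groups = {parse_cpu_list(text) for text in siblings.values()}
    return sorted(g for g in groups if len(g) > 1)

def read_siblings(root="/sys/devices/system/cpu"):
    """Read thread_siblings_list for every CPU that exposes topology (Linux only)."""
    pattern = "cpu[0-9]*/topology/thread_siblings_list"
    return {p.parent.parent.name: p.read_text() for p in Path(root).glob(pattern)}

def openssl_is_affected(version):
    """True if `version` is <= 1.1.0h, the bound stated in the report.

    Assumption: the single bound is applied literally; fixes backported to
    other release branches are not modelled.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4]) <= (1, 1, 0, "h")

if __name__ == "__main__":
    shared = smt_core_groups(read_siblings() or SAMPLE_SIBLINGS)
    print("cores with SMT siblings online:", shared or "none")
    for v in ("1.1.0h", "1.1.0i", "1.1.1"):
        print(v, "affected" if openssl_is_affected(v) else "fixed")
```

A non-empty list of shared cores means SMT is still active, so an unprivileged process can be co-scheduled on the same physical core as a service doing private-key operations.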
