New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

Report Bugs, Issues and non- package Requests
Post Reply
Message
Author
User avatar
colin_b
Posts: 452
Joined: Sun Mar 19, 2017 7:21 pm

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

#1 Post by colin_b »

https://thehackernews.com/2018/11/ports ... ility.html

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.

The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre, TLBleed, and Foreshadow.

...

The simple fix for the PortSmash vulnerability is to disable SMT/Hyper-Threading in the CPU chip's BIOS until Intel releases security patches. OpenSSL users can upgrade to OpenSSL 1.1.1 (or >= 1.1.0i if you are looking for patches).

User avatar
handy
Posts: 611
Joined: Mon Apr 23, 2018 2:00 pm

Re: New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

#2 Post by handy »

1_MSI: MAG B560 TORP', i5, RAM 16GB, GTX 1070 Ti 12GB, M2 238GB + USB, MX-23 Fb to Openbox
2_Lenovo: Ideapad 520S, i5, RAM 8GB, GPU i620, HDD 1TB, MX-21 - Openbox
3_Clevo: P150SM-A, i7, RAM 16GB, nVidia 8600, 2x 1TB HDD & M.2 256 GB, MX-21 - Openbox

User avatar
colin_b
Posts: 452
Joined: Sun Mar 19, 2017 7:21 pm

Re: New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

#3 Post by colin_b »

handy wrote: Sun Nov 04, 2018 7:21 pm More here: viewtopic.php?f=6&t=46809
I missed that :embarrassed:

User avatar
handy
Posts: 611
Joined: Mon Apr 23, 2018 2:00 pm

Re: New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

#4 Post by handy »

colin_b wrote: Sun Nov 04, 2018 7:38 pm
handy wrote: Sun Nov 04, 2018 7:21 pm More here: viewtopic.php?f=6&t=46809
I missed that :embarrassed:
It is easily done. ;)
1_MSI: MAG B560 TORP', i5, RAM 16GB, GTX 1070 Ti 12GB, M2 238GB + USB, MX-23 Fb to Openbox
2_Lenovo: Ideapad 520S, i5, RAM 8GB, GPU i620, HDD 1TB, MX-21 - Openbox
3_Clevo: P150SM-A, i7, RAM 16GB, nVidia 8600, 2x 1TB HDD & M.2 256 GB, MX-21 - Openbox

Post Reply

Return to “Bugs and Non-Package Requests Forum”