Researchers have developed a new CPU side-channel attack called PortSmash, which takes advantage of a vulnerability in Intel CPUs with simultaneous multi-threading (SMT, known as Hyper-Threading on Intel devices) enabled.
A proof-of-concept exploit developed by the researchers uses a timing attack to steal information from other processes running in the same CPU core with SMT enabled. Using this method, researchers were able to determine the private decryption key from an OpenSSL thread running in the same core as their exploit.
Intel Core – Skylake and Kaby Lake series CPUs with SMT enabled
OpenSSL – Version 1.1.0h and later
At the time of publication, the only way to mitigate this vulnerability is by disabling SMT/Hyper-Threading via the BIOS or operating system.
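To confirm whether the mitigation is in effect on a Linux host, the following added example (not part of the original advisory) reads the kernel's CPU topology from sysfs. It assumes the standard `/sys/devices/system/cpu` layout; the function names are hypothetical and the sample tree is constructed for offline testing.

```shell
#!/bin/sh
# Added example: report whether SMT/Hyper-Threading is active on a Linux host.
# Pass a different root directory to audit a constructed tree offline.

# Print "enabled", "disabled" or "unknown" for the CPU tree at $1.
smt_status() {
    root="${1:-/sys/devices/system/cpu}"
    # Kernels 4.19+ expose smt/active: 1 = sibling threads online, 0 = none.
    if [ -r "$root/smt/active" ]; then
        case "$(cat "$root/smt/active")" in
            1) echo enabled; return 0 ;;
            0) echo disabled; return 0 ;;
        esac
    fi
    # Fallback: a core whose thread_siblings_list names more than one CPU
    # (e.g. "0,4" or "0-1") has SMT siblings online.
    found=0
    for f in "$root"/cpu[0-9]*/topology/thread_siblings_list; do
        [ -r "$f" ] || continue
        found=1
        case "$(cat "$f")" in
            *,*|*-*) echo enabled; return 0 ;;
        esac
    done
    [ "$found" -eq 1 ] && echo disabled || echo unknown
}

# Print the distinct groups of logical CPUs that share a physical core.
smt_sibling_groups() {
    root="${1:-/sys/devices/system/cpu}"
    for f in "$root"/cpu[0-9]*/topology/thread_siblings_list; do
        [ -r "$f" ] && cat "$f"
    done | grep -e ',' -e '-' | sort -u
}

# Constructed sample tree (not real host data): 2 cores, 2 threads each.
make_sample_tree() {
    d="$(mktemp -d)"
    for pair in "0:0,2" "1:1,3" "2:0,2" "3:1,3"; do
        mkdir -p "$d/cpu${pair%%:*}/topology"
        echo "${pair#*:}" > "$d/cpu${pair%%:*}/topology/thread_siblings_list"
    done
    echo "$d"
}

echo "SMT on this host: $(smt_status)"
```

A result of `enabled` means sibling threads still share cores. On kernels that provide it, `/sys/devices/system/cpu/smt/control` shows how SMT was configured (`on`, `off`, `forceoff` or `notsupported`).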
Users and administrators are encouraged to visit the Intel Product Security Center Advisories page and check for any advice or security updates that may become available.
Users and administrators of OpenSSL are encouraged to review the security fixes for side channel attacks which can be found linked on the Information Sharing Portal and apply the necessary updates.
For further information see: