Wind River Support Network


Wind River Security Vulnerability Notice: CVE-2018-5407 - side-channel vulnerability on SMT/Hyper-Threading architectures (aka PortSmash)

Released: Nov 7, 2018     Updated: Nov 13, 2018

Summary

Wind River Security Vulnerability Notice: CVE-2018-5407 - side-channel vulnerability on SMT/Hyper-Threading architectures (aka PortSmash)


Affected Product Versions

Wind River Linux LTS 17, Wind River Linux 9, Wind River Linux 6, Wind River Linux 7, Wind River Linux 8

Description

CVE-2018-5407 is also known as "PortSmash". It is a side-channel vulnerability: an attacker whose software runs in parallel with a victim on the same core under Simultaneous Multithreading (SMT) can use contention between the two to retrieve secrets.

For more information, consult NVD at https://nvd.nist.gov/vuln/detail/CVE-2018-5407.

Affected hardware


This type of attack has been verified on both Skylake and Kaby Lake cores according to the security researcher. It likely affects additional SMT capable CPUs, but they have not been evaluated at this time.

For more information on specific hardware affected, consult your hardware vendor.

Mitigation


Many embedded systems have mitigations in place for this type of attack. An exploit requires that attack code be loaded and run locally on the CPU. If untrusted software is prevented from executing on the device, the necessary exploit code cannot be run.

If the ability to run untrusted software on the device is required, a mitigation is to disable SMT, if available, on the affected CPU.

What software is known to be affected by this CVE?


An exploit requires that certain code structures run on the same core as the application processing sensitive information, but in a different thread.
The security researcher has determined that some versions of OpenSSL may be affected by this issue. The specific issue identified is that OpenSSL branches based on a secret value.

There are different types of math and branch functions that may be used to avoid this type of timing attack on a non-SMT system, many of which are already in use by OpenSSL and others.

OpenSSL has issued a security advisory indicating that this is a Low severity issue. The advisory also indicates that OpenSSL 1.1.1 is NOT affected by this issue, while OpenSSL 1.1.0 and OpenSSL 1.0.2 are affected. Wind River has further investigated and believes that OpenSSL 1.0.1 and OpenSSL 1.0.0 are also affected by this issue.

Other software components are not known to be affected at this time, but it is possible that other software may use these code patterns.

Is Wind River Linux affected by this CVE issue?


Wind River Linux 6 and 7 use OpenSSL 1.0.1.
Wind River Linux 8, 9 and LTS-17 use OpenSSL 1.0.2.

Wind River will continue to monitor the various Open Source projects and will incorporate fixes as appropriate to supported products.
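To check a device against the two conditions this notice describes (SMT in use, and an OpenSSL branch listed above as affected), the following shell functions can be used. This is an added example, not Wind River code; the function names are hypothetical, and it assumes the standard Linux sysfs CPU layout and an `openssl` binary on the PATH.

```shell
#!/bin/sh
# Added example, not Wind River code. Paths are standard Linux sysfs locations.

# smt_status [ROOT]: print enabled, disabled or unknown for the CPU tree at ROOT.
smt_status() {
    root="${1:-/sys/devices/system/cpu}"
    # Kernels that provide the smt/ directory report the state directly.
    if [ -r "$root/smt/active" ]; then
        if [ "$(cat "$root/smt/active")" = "1" ]; then echo enabled; else echo disabled; fi
        return 0
    fi
    # Older kernels: a sibling list such as "0,4" or "0-1" means two threads share a core.
    found=0
    for f in "$root"/cpu[0-9]*/topology/thread_siblings_list; do
        [ -r "$f" ] || continue
        found=1
        case "$(cat "$f")" in
            *,*|*-*) echo enabled; return 0 ;;
        esac
    done
    if [ "$found" -eq 1 ]; then echo disabled; else echo unknown; fi
}

# openssl_branch_status VERSION: classify by release branch as listed in the notice.
# The notice names branches only, so the patch letter is not evaluated here.
openssl_branch_status() {
    case "$1" in
        1.1.1*) echo not-affected ;;
        1.1.0*|1.0.2*|1.0.1*|1.0.0*) echo listed-affected ;;
        *) echo unknown ;;
    esac
}

# portsmash_report [ROOT] [VERSION]: print findings; return 1 when SMT is on
# and the OpenSSL branch is listed as affected, 0 otherwise.
portsmash_report() {
    smt=$(smt_status "${1:-/sys/devices/system/cpu}")
    ver=${2:-$(openssl version 2>/dev/null | awk '{print $2}')}
    branch=$(openssl_branch_status "$ver")
    echo "SMT: $smt; OpenSSL ${ver:-not found}: $branch"
    if [ "$smt" = enabled ] && [ "$branch" = listed-affected ]; then
        return 1
    fi
    return 0
}
```

Source the file on the target and run `portsmash_report` with no arguments. Whether untrusted software can execute on the device, the third condition in the Mitigation section, has to be assessed separately.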

Additional References


https://www.openssl.org/news/secadv/20181112.txt
https://www.openwall.com/lists/oss-security/2018/11/01/4
https://www.openssl.org/news/vulnerabilities.html
https://nvd.nist.gov/vuln/detail/CVE-2018-5407
https://github.com/bbbrumley/portsmash
https://eprint.iacr.org/2018/1060.pdf

