Computing Processor PortSmash Side-Channel Information Disclosure Vulnerability



A vulnerability in the design of most modern CPUs using Simultaneous Multithreading (SMT)/Hyper-Threading could allow a local attacker to access sensitive information on a targeted system.

The vulnerability exists in the execution engine sharing functionality on SMT/Hyper-Threading architectures and is due to port contention. An attacker with sufficient system access to execute code on a parallel thread of a targeted CPU core could exploit the vulnerability by targeting ports to stacks of execution units in order to create a high-resolution timing side-channel. A successful exploit could allow the attacker to use side-channel timing attacks to access sensitive information on the system.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

Intel has not confirmed the vulnerability and software updates are not available.

Security Impact Rating: Medium

Source:: Cisco Multivendor Vulnerability Alerts