SoylentNews

takyon [soylentnews.org] writes:

Researchers Exploit Another Intel Hyper-Threading Flaw [tomshardware.com]

Five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, have discovered yet another flaw in Intel's Hyper-Threading [tomshardware.com] (HT) technology that attackers could use to steal users' encrypted data, as reported by ZDNet [zdnet.com] today.

Other CPUs that use Simultaneous Multithreading [tomshardware.com] (SMT) technology may also be affected by the bug, but so far only Intel's HT has been confirmed as vulnerable. SMT and HT are technologies that allow two or multiple computing threads to be executed on the same CPU core [tomshardware.com]. Intel enables two threads [tomshardware.com] per physical core with its HT technology.

[...] The vulnerability, which the researchers nicknamed PortSmash, allows attackers to create a malicious process that can run alongside another legitimate process using HT's parallel thread running capabilities. This malicious process can then leak information about the legitimate process and allow the attacker to reconstruct the encrypted data processed inside the legitimate process.

The researchers also made available the proof of concept (PoC) for the attack, showing that it is indeed feasible and not just theoretical. This PoC can now also be re-purposed and modified by attackers to launch a real attack against owners of systems using Intel CPUs.

Also at Ars Technica [arstechnica.com] and The Register [theregister.co.uk].

Related: OpenBSD disables Intel's hyper-threading over CPU data leak fears [theregister.co.uk]
TLBleed Affects Intel Processors with Hyperthreading to Leak Encryption Keys, Non-Trivial to Exploit [soylentnews.org]
OpenBSD Chief De Raadt Says No Easy Fix For New Intel CPU Bug [soylentnews.org]
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches [soylentnews.org]

Original Submission