Vulnerability CVE-2018-5407


Published: 2018-11-15

Description:
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

See advisories in our WLB2 database:
Topic: Intel (Skylake / Kaby Lake) PortSmash CPU SMT Side-Channel
Author: Billy Brumley
Date: 05.11.2018
Risk: Med.

Type: CWE-200 (Information Exposure)

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Nodejs
Product: Node.js 
Version:
8.9.4
8.9.3
8.9.2
8.9.1
8.9.0
8.8.1
8.8.0
8.7.0
8.6.0
8.5.0
8.4.0
8.3.0
8.2.1
8.2.0
8.11.3
8.11.2
8.11.1
8.11.0
8.10.0
8.1.4
8.1.3
8.1.2
8.1.1
8.1.0
8.0.0
6.9.5
6.9.4
6.9.3
6.9.2
6.9.1
6.9.0
6.8.1
6.8.0
6.7.0
6.6.0
6.5.0
6.4.0
6.3.1
6.3.0
See more versions on NVD
Vendor: Oracle
Product: Peoplesoft enterprise peopletools 
Version:
8.57
8.56
8.55
See more versions on NVD
Product: Primavera p6 enterprise project portfolio management 
Version: 8.4;
Vendor: Tenable
Product: Nessus 
Version:
8.1.0
8.0.1
8.0.0
7.2.2
7.2.1
7.2.0
7.1.4
7.1.3
7.1.2
7.1.1
7.1.0
7.0.3
7.0.2
7.0.1
7.0.0
6.9.3
6.9.2
6.9.1
6.9.0
6.9
6.8.2
6.8.1
6.8.0
6.8
6.7.0
6.7
6.6.2
6.6.1
6.6.0
6.5.6
6.5.5
6.5.4
6.5.3
6.5.2
6.5.1
6.5.0
6.4.3
6.4.2
6.4.1
6.4.0
6.3.7
6.3.6
6.3.5
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
See more versions on NVD
Vendor: Redhat
Product: Enterprise linux server aus 
Version: 7.6;
Product: Enterprise linux server tus 
Version: 7.6;
Product: Enterprise linux server 
Version: 7.6; 7.0;
Product: Enterprise linux server eus 
Version: 7.6;
Product: Enterprise linux desktop 
Version: 7.0;
Product: Enterprise linux workstation 
Version: 7.0;

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 1.9/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

 References:
http://www.securityfocus.com/bid/105897
https://access.redhat.com/errata/RHSA-2019:0483
https://access.redhat.com/errata/RHSA-2019:0651
https://access.redhat.com/errata/RHSA-2019:0652
https://eprint.iacr.org/2018/1060.pdf
https://github.com/bbbrumley/portsmash
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.gentoo.org/glsa/201903-10
https://security.netapp.com/advisory/ntap-20181126-0001/
https://usn.ubuntu.com/3840-1/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.exploit-db.com/exploits/45785/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2018-16
https://www.tenable.com/security/tns-2018-17


Copyright 2019, cxsecurity.com
