Vulnerability CVE-2018-5407

Vulnerability CVE-2018-5407

Published: 2018-11-15

Description:

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	Intel (Skylake / Kaby Lake) PortSmash CPU SMT Side-Channel	Billy Brumley	05.11.2018

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
1.9/10	2.9/10	3.4/10

Exploit range	Attack complexity	Authentication
Local	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Tenable -> Nessus
Redhat -> Enterprise linux desktop
Redhat -> Enterprise linux server
Redhat -> Enterprise linux server aus
Redhat -> Enterprise linux server eus
Redhat -> Enterprise linux server tus
Redhat -> Enterprise linux workstation
Oracle -> Enterprise manager ops center
Oracle -> Mysql enterprise backup
Oracle -> Peoplesoft enterprise peopletools
Oracle -> Primavera p6 enterprise project portfolio management
Oracle -> Tuxedo
Oracle -> Vm virtualbox
Oracle -> Api gateway
Oracle -> Application server
Oracle -> Enterprise manager base platform
Openssl -> Openssl
Nodejs -> Node.js
Debian -> Debian linux
Canonical -> Ubuntu linux

References:

http://www.securityfocus.com/bid/105897

https://access.redhat.com/errata/RHSA-2019:0483

https://access.redhat.com/errata/RHSA-2019:0651

https://access.redhat.com/errata/RHSA-2019:0652

https://eprint.iacr.org/2018/1060.pdf

https://github.com/bbbrumley/portsmash

https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

https://security.gentoo.org/glsa/201903-10

https://security.netapp.com/advisory/ntap-20181126-0001/

https://usn.ubuntu.com/3840-1/

https://www.debian.org/security/2018/dsa-4348

https://www.debian.org/security/2018/dsa-4355

https://www.exploit-db.com/exploits/45785/

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.tenable.com/security/tns-2018-16

https://www.tenable.com/security/tns-2018-17

Vulnerability CVE-2018-5407

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

See advisories in our WLB2 database:

Med.

Intel (Skylake / Kaby Lake) PortSmash CPU SMT Side-Channel

CWE-200

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:N)

1.9/10

2.9/10

3.4/10

Local

Medium

No required

Partial

None

None

Affected software

References: