11-06-2018, 02:13 PM
Another threat to Intel CPUs has been discovered, this vulnerability called "PortSmash", which seems similar to previously discovered TLBleed, as it also lets attacks steal crytographic keys.
So far the exploit has only been verified on Skylake and Kaby Lake chips; however, the exploit might affect all chips using Simultaneous Multithreading (or SMT) Architecture. The researchers also suspect it may affect AMD Ryzen as well.
The Advisory, as posted by the researchers who discovered the flaw, can be found here.
One of the aforementioned researchers, Billy Brunley, published a proof-of-concept of the exploit on his GitHub account.
Intel has this to say:
“Intel received notice of the research. This issue is not reliant on speculative execution and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices.”
That was the news folks, the week is still chugging along, have a good one and stay safe out there.
----Sh7nk-Z0id