CVE-2018-5407
MEDIUMUbuntu Linux - Exposure of Sensitive Information via SMT Port Contention Timing Attack
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-5407. PoCs published by Billy Brumley.
AI-analyzed exploit summary This is a proof-of-concept exploit for the PortSmash microarchitecture attack (CVE-2018-5407), targeting OpenSSL 1.1.0h or lower. It leverages SMT (Simultaneous Multithreading) to extract cryptographic keys by monitoring execution traces.
Description
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Exploits (1)
This is a proof-of-concept exploit for the PortSmash microarchitecture attack (CVE-2018-5407), targeting OpenSSL 1.1.0h or lower. It leverages SMT (Simultaneous Multithreading) to extract cryptographic keys by monitoring execution traces.
References (28)
Scores
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N