The vulnerabilities of Intel processors based on Skylake and Kaby Lake architectures are related to implementation errors in the SMT technology, which allow attackers to exploit these vulnerabilities to disclose protected information.

🗓️ 28 Dec 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

Vulnerabilities in Intel Skylake and Kaby Lake from imperfect simultaneous multithreading allow disclosure of protected information.

Reporter	Title	Published	Views	Family All 279
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private - Node.js	11 Mar 201914:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)	15 Dec 202020:13	–	ibm
IBM Security Bulletins	Security Bulletin: OpenSSL vulnerability affects IBM Rational Team Concert	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: OpenSSL as used in IBM QRadar Network Packet Capture is vulnerable to information exposure (CVE-2018-5407)	2 Aug 201915:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018	28 Jan 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software	29 Jan 201921:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734, CVE-2018-5407)	11 Dec 201815:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance	30 Sep 201921:15	–	ibm
IBM Security Bulletins	Security Bulletin: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)	21 Jan 201916:15	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in GNU Binutils, Bootstrap, PortSmash, Node.js, and libarchive might affect IBM Storage Defender – Data Protect.	18 Oct 202401:50	–	ibm

Vulners

Node

oracle api_gatewayMatch11.1.2.4.0

oracle enterprise_manager_ops_centerMatch12.3.3

oracle tuxedoMatch12.1.1.0

oracle peoplesoft_enterprise_peopletoolsMatch8.55

oracle peoplesoft_enterprise_peopletoolsMatch8.56

oracle peoplesoft_enterprise_peopletoolsMatch8.57

oracle primavera_p6_enterprise_project_portfolio_managementMatch8.4

oracle primavera_p6_enterprise_project_portfolio_managementMatch15.1

oracle primavera_p6_enterprise_project_portfolio_managementMatch15.2

oracle primavera_p6_enterprise_project_portfolio_managementMatch16.1

oracle primavera_p6_enterprise_project_portfolio_managementMatch16.2

oracle primavera_p6_enterprise_project_portfolio_managementMatch18.8

novell suse_enterprise_storageMatch4

novell suse_openstack_cloudMatch7

novell suse_linux_enterprise_module_for_open_buildservice_development_toolsMatch15

node.js node.jsMatch10

novell suse_linux_enterprise_module_for_web_scriptingMatch12

oracle secure_global_desktopMatch5.4

oracle enterprise_manager_base_platformMatch12.1.0.5

node.js node.jsMatch6

node.js node.jsMatch8

oracle primavera_p6_enterprise_project_portfolio_managementRange17.7–17.12

oracle application_serverMatch0.9.8

oracle application_serverMatch1.0.0

oracle application_serverMatch1.0.1

oracle mysql_enterprise_backupRange≤3.12.3

oracle mysql_enterprise_backupRange≤4.1.2

novell suse_studio_onsiteMatch1.3

novell suse_caas_platformMatch3.0

novell suse_linux_enterprise_module_for_legacy_softwareMatch15

novell suse_openstack_cloud_crowbarMatch8

novell openstack_cloud_magnum_orchestrationMatch7

novell suse_linux_enterprise_module_for_legacy_softwareMatch12

oracle enterprise_manager_base_platformMatch13.2.0.0

oracle enterprise_manager_base_platformMatch13.3.0.0

openssl opensslRange1.0.2–1.0.2q

openssl opensslRange1.1.0–1.1.0i

red_hat red_hat_enterprise_linuxMatch5

red_hat red_hat_enterprise_linuxMatch6

red_hat red_hat_enterprise_linuxMatch7

novell opensuse_leapMatch42.3

ibm ibm_viosMatch2.2.1.0

ibm ibm_viosMatch2.2.1.1

ibm ibm_viosMatch2.2.1.3

ibm ibm_viosMatch2.2.1.8

ibm ibm_viosMatch2.2.1.9

ibm ibm_viosMatch2.2.2.0

ibm ibm_viosMatch2.2.2.4

ibm ibm_viosMatch2.2.2.5

ibm ibm_viosMatch2.2.2.6

ibm ibm_viosMatch2.2.3.0

ibm ibm_viosMatch2.2.3.2

ibm ibm_viosMatch2.2.3.3

ibm ibm_viosMatch2.2.3.4

ibm ibm_viosMatch2.2.3.50

ibm ibm_viosMatch2.2.4.0

ibm ibm_aixMatch5.3

ibm ibm_aixMatch6.1

ibm ibm_aixMatch7.1

ibm ibm_aixMatch7.2

canonical ubuntuMatch18.10

ibm ibm_viosMatch2.2.3

ibm ibm_viosMatch2.2

ibm ibm_viosMatch2.2.0.13

ibm ibm_viosMatch2.2.0.11

ibm ibm_viosMatch2.2.0.10

red_hat red_hat_enterprise_linuxMatch8

novell opensuse_leapMatch15.0

novell suse_linux_enterprise_serverMatch12-ltss

novell suse_linux_enterprise_server_for_sap_applicationsMatch12-ltss

novell suse_linux_enterprise_serverMatch11-security

novell suse_linux_enterprise_server_for_sap_applicationsMatch11-security

red_hat red_hat_enterprise_virtualizationMatch4

Source	Link
xakep	www.xakep.ru/2018/11/02/portsmash/
access	www.access.redhat.com/security/cve/cve-2018-5407
securityfocus	www.securityfocus.com/bid/105897
usn	www.usn.ubuntu.com/3840-1/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-5407
security-tracker	www.security-tracker.debian.org/tracker/CVE-2018-5407
github	www.github.com/bbbrumley/portsmash
wiki	www.wiki.astralinux.ru/pages/viewpage.action
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
web	www.web.nvd.nist.gov/view/vuln/detail

19 Feb 2025 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24.9

CVSS 37.1

EPSS0.00844