Lucene search

K
certCERTVU:911878
HistoryMay 23, 2005 - 12:00 a.m.

Simultaneous multithreading processors may leak information through cache eviction analysis techniques

2005-05-2300:00:00
www.kb.cert.org
32

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

32.8%

Overview

Operating systems on hardware platforms supporting simultaneous multi-threading (Hyper-Threading technology in particular) are potentially vulnerable to information leakage to local users. Proof of concept papers and code demonstrating successful attacks against cryptographic keys are in public circulation.

Description

Hyper-Threading (HT) Technology allows two series of instructions to run simultaneously and independently on a single processor. With Hyper-Threading Technology enabled, the system treats a physical processor as two “logical” processors. Each logical processor is allocated a thread on which to work, as well as a share of execution resources such as cache memories, execution units, and buses. Information could potentially be deduced by local users using programs capable of shared memory cache eviction analysis. Proof of concept code using timing and cache eviction analysis techniques have demonstrated that cyptographic keys can be deduced on Intel processors with Hyper-Threading technology (HTT) . It is likely that similar techniques could be employed on other processor architectures that support simultaneous multithreading.

This vulnerability is applicable to many operating system platforms running on a hardware platform that supports simultaneous multithreading (Intel HTT in particular).

Colin Percival has released a paper “Cache Missing for Fun and Profit” that demonstrates shared access to memory caches provide a potential covert channel between threads, and also permit a malicious thread to monitor the execution of another thread, potentially allowing for theft of cryptographic keys.

Vendors have started providing patches and configuration information to disable simultaneous multithreading/HTT support.

Warning: On dual-core (multiple CPU) systems this could have the undesirable effect of disabling all but one of the CPUs. For single core (CPU) systems this workaround may still impact the performance of the server (depending on load).

Organizations need to assess whether the performance impact of disabling simultaneous multithreading/HTT support is worthwhile relative to the risk of successful compromise of sensitive information.

Impact

Sensitive information, including cryptographic key material, may be leaked to other local users on the affected system.

The paper describing this issue and its corresponding proof-of-concept exploit make assumptions about the relative quiescence of the target system. At this stage it is unclear how viable the analysis techniques outlined in the above paper would be on busy systems.

Single user workstations and systems where users do not have the ability to run their own programs are unlikely to be affected by this specific issue.

Solution

We are not aware of an all encompassing short term solution to this issue.

Workarounds

Disabling of simultaneous multithreading/HTT support at the operating system or BIOS level may reduce the likelihood of successful attack using the methods outlined in Colin’s paper, however it may not mitigate against other similar types of attackes.

Vendor Information

911878

Filter by status: All Affected Not Affected Unknown

Filter by content: __Additional information available

__Sort by: Status Alphabetical

Expand all

Javascript is disabled. Clickhere to view vendors.

FreeBSD __ Affected

Notified: May 23, 2005 Updated: May 24, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

FreeBSD has released a security advisory FreeBSD-SA-05:09.htt available from:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc

FreeBSD has also released patches to disable HTT support.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. __ Affected

Notified: May 23, 2005 Updated: August 05, 2005

Status

Affected

Vendor Statement

Vendor Statement: Red Hat, Inc

Updated packages for Red Hat Enterprise 2.1, 3, and 4 are available to mitigate this and related attacks against OpenSSL:

http://rhn.redhat.com/errata/CAN-2005-0109.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SCO __ Affected

Notified: May 23, 2005 Updated: May 24, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SCO has released two security advisories about “Hyper-Threading information leakage”, they are available from:

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.24/SCOSA-2005.24.txt

The security advisories state:
“This issue affects OpenServer 5.0.7 if SMP is installed and any Update Pack is applied. It also affects UnixWare 7.1.4 and 7.1.3 if Hyper-Threading is enabled. (Hyper-Threading is disabled in UnixWare by default.)”

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc. __ Affected

Notified: May 23, 2005 Updated: June 03, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Sun have released a Sun(sm) Alert Notification available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1

Sun state that Solaris on the SPARC platform is not affected by this issue.
The alert contains information on four mitigation options, see the alert for details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks __ Not Affected

Notified: May 23, 2005 Updated: May 26, 2005

Status

Not Affected

Vendor Statement

F5 Products are not vulnerable to VU911878, the hyperthreading information leakage issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks __ Not Affected

Notified: May 23, 2005 Updated: June 02, 2005

Status

Not Affected

Vendor Statement

The hyper-threading (HTT) support in FreeBSD kernels is only
available when the kernel is configured to support symmetric
multi-processing (SMP). JUNOS is not currently configured and built
to utilize SMP for any of our platforms. Of our platforms, the
J-Series is the only one for which the hardware could physically
support HTT. There is no plan to enable HTT on the J-Series platform
for any current releases.

Juniper E-series and ScreenOS are not based on FreeBSD, and therefore
not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer Inc. __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Connectiva __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc. __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

EMC Corporation __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engrade __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Intel __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva Inc. __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetBSD __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

QNX __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE Inc. __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TurboLinux __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisys __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

WRS __ Unknown

Notified: May 23, 2005 Updated: May 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 36 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Colin Percival is credited with bringing the issue to the attention of vendors and the wider community.

This document was written by Robert Mead and Chad Dougherty.

Other Information

CVE IDs: CVE-2005-0109
Severity Metric: 8.30 Date Public:

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

32.8%