Red Hat Virtualization update for side-channel attack in SMT processors
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-5407 |
| CWE-ID | CWE-208 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Red Hat Virtualization Host Web applications / Remote management & hosting panels Red Hat Virtualization Server applications / Virtualization software redhat-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component redhat-release-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component ovirt-node-ng (Red Hat package) Operating systems & Components / Operating system package or component imgbased (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Side-channel attack
EUVDB-ID: #VU15723
Risk: Low
CVSSv4.0: 3.2 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-5407
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: Yes
DescriptionThe vulnerability allows a physical attacker to obtain potentially sensitive information.
The vulnerability exists due to due to execution of engine sharing on SMT (e.g.Hyper-Threading) architectures when improper handling of information by the processor. A physical attacker can construct a timing side channel to hijack information from processes that are running in the same core.
Note: the vulnerability has been dubbed as PortSmash microarchitecture bug.
MitigationInstall updates from vendor's website.
Red Hat Virtualization Host: 4
Red Hat Virtualization: 4
redhat-virtualization-host (Red Hat package): before 4.3-20190409.0.el7_6
redhat-release-virtualization-host (Red Hat package): before 4.3-0.5.el7
ovirt-node-ng (Red Hat package): before 4.3.0-0.20181213.0.el7ev
imgbased (Red Hat package): before 1.1.7-0.1.el7ev
CPE2.3- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization:4:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:ovirt-node-ng_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:imgbased_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHBA-2019:1053
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
