CVE-2018-5407
Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
Severity Score
Exploit Likelihood
Affected Versions
41Public Exploits
3Exploited in Wild
-Decision
Descriptions
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronización mediante un ataques de sincronización de canal lateral en la "contención de puertos".
A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-12 CVE Reserved
- 2018-11-02 CVE Published
- 2018-11-02 First Exploit
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-203: Observable Discrepancy
CAPEC
References (31)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105897 | Third Party Advisory | |
| https://eprint.iacr.org/2018/1060.pdf | Technical Description | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html | Mailing List |
|
| https://nodejs.org/en/blog/vulnerability/november-2018-security-releases | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20181126-0001 | Third Party Advisory |
|
| https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm... | X_refsource_confirm | |
| https://www.tenable.com/security/tns-2018-16 | Third Party Advisory | |
| https://www.tenable.com/security/tns-2018-17 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/150138 | 2018-11-02 | |
| https://www.exploit-db.com/exploits/45785 | 2024-08-05 | |
| https://github.com/bbbrumley/portsmash | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:0483 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:0651 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:0652 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:2125 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:3929 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:3931 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:3932 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:3933 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2019:3935 | 2023-11-07 | |
| https://security.gentoo.org/glsa/201903-10 | 2023-11-07 |