Main Vulnerability Database Exploits ID:6104 - Exploit for Side-channel attack in Kaby Lake and Intel Skylake - CVE-2018-5407

ID:6104 - Exploit for Side-channel attack in Kaby Lake and Intel Skylake - CVE-2018-5407

Published: June 17, 2021

Vulnerability identifier: #VU15723

Vulnerability risk: Low

CVE-ID: CVE-2018-5407

CWE-ID: CWE-208

Exploitation vector: Local access

Vulnerable software:
Kaby Lake
Intel Skylake

Link to public exploit:

https://www.exploit-db.com/exploits/45785/

Vulnerability description

The vulnerability allows a physical attacker to obtain potentially sensitive information.

The vulnerability exists due to due to execution of engine sharing on SMT (e.g.Hyper-Threading) architectures when improper handling of information by the processor. A physical attacker can construct a timing side channel to hijack information from processes that are running in the same core.

Note: the vulnerability has been dubbed as PortSmash microarchitecture bug.

Remediation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

ID:6104 - Exploit for Side-channel attack in Kaby Lake and Intel Skylake - CVE-2018-5407

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human