CVE-2018-5407 Information
Share on:Description
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on ‘port contention’.
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Reference
http://www.securityfocus.com/bid/105897 https://access.redhat.com/errata/RHSA-2019:0483 https://access.redhat.com/errata/RHSA-2019:0651 https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3935 https://eprint.iacr.org/2018/1060.pdf https://github.com/bbbrumley/portsmash https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ https://security.gentoo.org/glsa/201903-10 https://security.netapp.com/advisory/ntap-20181126-0001/ https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS https://usn.ubuntu.com/3840-1/ https://www.debian.org/security/2018/dsa-4348 https://www.debian.org/security/2018/dsa-4355 https://www.exploit-db.com/exploits/45785/ https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.tenable.com/security/tns-2018-16 https://www.tenable.com/security/tns-2018-17
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
4.7