BSA-2018-740

Brocade Security Advisory ID

BSA-2018-740

Initial Publication Date

11/02/2018

Last Updated

11/02/2018

Revision

1.0: Initial

Risk Impact

Low

Workaround

N/A

Component

CPU featuring SMT

Affected CVE

CVE-2018-5407

CVSS Score

4.8

Summary
A group a researchers has discover a new vulnerability being called PortSmash, impacting all CPUs that use a Simultaneous Multithreading (SMT) architecture.  SMT is a technology that allows multiple computing threads to be executed simultaneously on a CPU core.

"PortSmash is being classified as a  side-channel attack which is technique used for leaking encrypted data from a computer’s memory or CPU, that will also record and analyze discrepancies in operation times, power consumption, electromagnetic leaks, or even sound to gain additional info that may help break encryption algorithms and recovering the CPU’s processed data."

The researchers have pubished a PortSmash attack proof-of-concept (PoC) on Intel Skylake and Kaby Lake CPUs.

Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version Change Date
1.0 Initial Publication Nov 02, 2018

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.