{"vulnerability": "CVE-2018-5407", "sightings": [{"uuid": "f9af6841-8c18-4414-bd99-a0d9dd55f664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-5407", "type": "seen", "source": "MISP/5be09cce-d808-4033-93cd-08030a021402", "content": "", "creation_timestamp": "2018-11-05T19:44:07.000000Z"}, {"uuid": "acbfa077-493c-4920-a408-633df7ff5f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-5407", "type": "seen", "source": "https://t.me/BitLenta/2890", "content": "\u2716\ufe0f \u041d\u043e\u0432\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 Intel Skylake \u0438 Kaby Lake (\u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, AMD), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u0440\u0430\u0431\u043e\u0442\u043e\u0439 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u043c\u043d\u043e\u0433\u043e\u043f\u043e\u0442\u043e\u0447\u043d\u043e\u0441\u0442\u0438 (Simultaneous Multithreading, SMT), \u043e\u043d\u0430 \u0436\u0435 Hyper-Threading \u0432 \u043f\u0440\u043e\u043f\u0440\u0438\u0435\u0442\u0430\u0440\u043d\u043e\u0439 \u0438\u043c\u043f\u043b\u0435\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 Intel.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 PortSmash \u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2018-5407. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u044e\u0442, \u0447\u0442\u043e \u044d\u0442\u043e \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u0430\u0442\u0430\u043a\u0430 \u043f\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0435\u043c\u0443 \u043a\u0430\u043d\u0430\u043b\u0443 (side-channel) \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Intel.\n\nSMP \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0435\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u044f\u0434\u0440\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 \u0432 \u0434\u0432\u0430 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u044f\u0434\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0441 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c\u0438 \u043f\u043e\u0442\u043e\u043a\u0430\u043c\u0438 \u0438 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c. \u0421\u0443\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b PortSmash \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043d\u0430 \u0432\u0441\u0435\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 SMT \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0439 \u0431\u043e\u043a \u043e \u0431\u043e\u043a \u0441 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u043c, \u043c\u043e\u0436\u0435\u0442 \u00ab\u0441\u043b\u0438\u0432\u0430\u0442\u044c\u00bb \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0438\u0435 \u043f\u043e\u0440\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0437 \u044d\u0442\u043e\u0433\u043e \u0441\u043e\u0441\u0435\u0434\u043d\u0435\u0433\u043e \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430. \u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0438\u0437\u0432\u043b\u0435\u0447\u044c \u0438 \u0440\u0435\u043a\u043e\u043d\u0441\u0442\u0440\u0443\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043a\u0430\u043a\u043e\u0433\u043e-\u043b\u0438\u0431\u043e \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430. \ud83c\udf32\u2716\ufe0f @BitLenta", "creation_timestamp": "2018-11-02T21:06:47.000000Z"}, {"uuid": "b02a7cf0-4f06-46fb-ad7b-60aec96bede2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-5407", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/121", "content": "Researchers Discover Another Hyper-Threading Vulnerability in Intel CPUs\n\nNew PortSmash (CVE-2018-5407) Side-Channel Attack Could Allow Malicious Processes to Steal Sensitive and Protected Data\n\nRead More: https://thehackernews.com/2018/11/portsmash-intel-vulnerability.html", "creation_timestamp": "2018-11-07T10:23:47.000000Z"}, {"uuid": "53b2e017-c755-4f43-81c1-ea5560e62722", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-5407", "type": "exploited", "source": "https://t.me/ctinow/4451", "content": "New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.\n\nThe vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other", "creation_timestamp": "2018-11-04T10:32:05.000000Z"}, {"uuid": "2d1ec942-1008-4f55-86cd-dbf5f8d71a1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-5407", "type": "exploited", "source": "https://t.me/information_security_channel/21874", "content": "New Side-Channel Vulnerability Leaks Sensitive Data From Intel Chips\nhttp://feedproxy.google.com/~r/Securityweek/~3/0L9TlL_VPIM/portsmash-new-side-channel-vulnerability-leaks-sensitive-data-intel-chips-CVE-2018-5407\n\nA newly revealed side-channel attack can leak encrypted data from Intel microprocessors that use a Simultaneous Multithreading (SMT) architecture.\nread more (https://www.securityweek.com/portsmash-new-side-channel-vulnerability-leaks-sensitive-data-intel-chips-CVE-2018-5407)", "creation_timestamp": "2018-11-05T19:34:25.000000Z"}, {"uuid": "3cc8b7be-78d5-4aaf-b40c-3c7119e95fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-5407", "type": "seen", "source": "https://t.me/canyoupwnme/4679", "content": "CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures\nhttps://seclists.org/oss-sec/2018/q4/123", "creation_timestamp": "2018-11-04T21:20:57.000000Z"}, {"uuid": "0827b52d-e73e-41f4-bb3e-4fd8a21149f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-5407", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/109", "content": "#exploit\n1. CVE-2018-5407:\nPortSmash microarchitecture attack\nhttps://github.com/bbbrumley/portsmash\n\n2. CVE-2018-8420:\nMS XML Core Services RCE through web browser\nhttps://github.com/Theropord/CVE-2018-8420\n\n3. Sophos HitmanPro.Alert memory disclosure and code execution vulnerabilities (PoC for CVE-2018-3970, CVE-2018-3971)\nhttps://blog.talosintelligence.com/2018/10/vulnerability-spotlight-talos-2018.html", "creation_timestamp": "2024-10-08T14:32:29.000000Z"}, {"uuid": "8be53501-4ea2-4b47-829d-014f89c59caa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-5407", "type": "exploited", "source": "https://t.me/SecLabNews/3551", "content": "\u0412 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 Intel Skylake \u0438 Kaby Lake \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u0437\u0432\u043b\u0435\u0447\u044c \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432. \u041d\u043e\u0432\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0443\u044e \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 PortSmash (CVE-2018-5407), \u043e\u043f\u0438\u0441\u0430\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0422\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0422\u0430\u043c\u043f\u0435\u0440\u0435 (\u0424\u0438\u043d\u043b\u044f\u043d\u0434\u0438\u044f) \u0438 \u0422\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0413\u0430\u0432\u0430\u043d\u044b (\u041a\u0443\u0431\u0430).    \n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430\u0445 Intel \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437\u0432\u043b\u0435\u0447\u044c \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435", "creation_timestamp": "2018-11-05T12:22:00.000000Z"}]}