14

I just heard in the news: Intel CPUs impacted by new PortSmash side-channel vulnerability. Is it as threatening as Meltdown/Spectre? Is it patched? What should we do to be safe? Does it affect AMD CPUs?

It was found by a team at a university, so possibly it is not dangerous, but a POC is available on GitHub, which makes me worry.

Anders
0_o

1 Answer

24

As with a lot of breaking-news coverage of computer security, there's a lot of questionable reporting on PortSmash. It's not actually very interesting, as it doesn't really add much to the attacker toolkit. It only affects a very narrow set of targets, which are already vulnerable to other attacks (and have been for years).

Colin Percival actually described the attack in question 13 years ago. The scope, specifically, is where there's a secret held in memory (a cryptographic key, for example) that alters what code your program executes. As Percival says in the linked tweets:

> The defence against PortSmash is exactly the same as the defence against microarchitectural side channel attacks from 2005: Make sure that the cryptographic key you're using does not affect the sequence of instructions or memory accesses performed by your code.

So this story can be filed under "confirming what we already knew". It's great work -- and I'm glad that after 13 years someone has finally gotten around to writing the exploit -- but it's not something users need to worry about at all.

So PortSmash isn't really anything that new; it's a small evolution in a class of side-channel attacks that all hyper-threading processors are vulnerable to, and have been since the beginning. And yes, it almost certainly impacts both AMD and Intel processors — as it may any hyper-threading processor where similar multi-threading features (specifically, ports or pipes — see comments on this answer for more information) can be maliciously abused.

Johnny
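The defence quoted in the answer above, as an added example (not code from the answer, the PortSmash authors or any library): a toy square-and-multiply whose instruction sequence depends on the key bits, next to a version where it does not. The modulus, the function names and the multiply counter are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MODULUS 1000003u          /* toy modulus, constructed for this example */
static unsigned mul_calls;        /* instrumentation: counts modular multiplies */

/* Note: '%' may itself have operand-dependent latency; real libraries use
 * constant-time field arithmetic here. */
static uint32_t mulmod(uint32_t a, uint32_t b) {
    mul_calls++;
    return (uint32_t)(((uint64_t)a * b) % MODULUS);
}

/* Leaky: the extra multiply runs only for 1-bits of the key, so the executed
 * instruction sequence is a function of the secret. */
uint32_t modexp_leaky(uint32_t base, uint32_t key) {
    uint32_t r = 1;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r);
        if ((key >> i) & 1u)
            r = mulmod(r, base);
    }
    return r;
}

/* Hardened: every iteration does the same square and multiply; the key bit
 * only drives a bitmask select, with no branch and no key-indexed memory access. */
uint32_t modexp_ct(uint32_t base, uint32_t key) {
    uint32_t r = 1;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r);
        uint32_t m = mulmod(r, base);
        uint32_t mask = 0u - ((key >> i) & 1u);   /* all zeros or all ones */
        r = (m & mask) | (r & ~mask);
    }
    return r;
}

/* Number of multiplies one call performs for a given key. */
unsigned ops_for(uint32_t (*f)(uint32_t, uint32_t), uint32_t key) {
    mul_calls = 0;
    (void)f(2, key);
    return mul_calls;
}

int main(void) {
    printf("leaky: %u vs %u multiplies\n", ops_for(modexp_leaky, 0x1u), ops_for(modexp_leaky, 0xFFFFu));
    printf("ct:    %u vs %u multiplies\n", ops_for(modexp_ct, 0x1u), ops_for(modexp_ct, 0xFFFFu));
    return 0;
}
```

The leaky version's multiply count tracks the number of 1-bits in the key, while the hardened version performs the same work for every key. Compilers can rewrite mask selects into branches, so production code also checks the generated assembly.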
  • 3
    You mention that it supports AMD processors, but port conflicts aren't a thing for AMD. Ports between units is a thing unique to Intel (though of course SMT-based side-channel attacks are still a thing for AMD). – forest Nov 05 '18 at 07:54
  • 3
    @Johnny So the vulnerability isn't new but the Python POC is. All security news is like a new disaster is coming. – 0_o Nov 05 '18 at 07:59
  • @forest My knowledge of port conflicts isn't deep enough to speak to that myself, except that the horse's mouth seems to be saying that at least some AMD architectures are likely affected. From the [OP's ZDNet link](https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-channel-vulnerability/): "*We leave as future work exploring the capabilities of PortSmash... on AMD Ryzen systems*". – Johnny Nov 05 '18 at 08:04
  • 1
    @Johnny Then it must be that it doesn't rely on port conflicts, because, unless things changed, ports simply do not exist on AMD. They use some other technique to transfer data and control information between units. – forest Nov 05 '18 at 08:07
  • @forest I defer to your knowledge — and amended the wording of my final sentence. Thanks for your input :) – Johnny Nov 05 '18 at 08:09
  • 7
    It looks like AMD uses something called _pipes_ instead, which seem to have equivalent functionality. At least it looks like that in section 16.8 of https://www.cs.utexas.edu/~hunt/class/2018-spring/cs340d/documents/Agner-Fog/microarchitecture.pdf – forest Nov 05 '18 at 08:31
  • @forest Wording amended again. Great document, I'm filing that away for later reference! – Johnny Nov 05 '18 at 08:34
  • Agner Fog is always the go-to guy for low-level CPU microarchitecture! – forest Nov 05 '18 at 08:35
  • 4
    @forest: Port and pipe are basically synonymous; it's just different terminology for the same thing. Resource conflicts for execution units on the same dispatch port/pipe, or for the same execution unit, are a thing on AMD Ryzen. (But note that Bulldozer-family doesn't have SMT, it has two weak integer cores sharing a vector unit, which AMD calls CMT. So two threads sharing a "module/core" compete for the front-end, and for resources on the SIMD/FP instructions, but not for integer execution pipes. https://www.realworldtech.com/bulldozer/10/.) – Peter Cordes Nov 05 '18 at 12:05
  • 6
    @Johnny: Agner Fog publishes his guides on his own web site, https://www.agner.org/optimize/. No need to go to some random mirror of them. – Peter Cordes Nov 05 '18 at 12:07
  • 1
    @PeterCordes Ah, thanks for correcting me! Anyway, Agner's website blocks my IP (I use Tor), so I just happened to find it first on a mirror and linked it there. – forest Nov 06 '18 at 03:54
  • I'm reading security news; none of them mentioned the age of this vulnerability and the possible attack target size. It seems it is an update to the old "PortSmash"?! – 0_o Nov 06 '18 at 07:28