SUSE Support

Here When You Need Us

Security Vulnerability: "PortSmash" aka CVE-2018-5407.

This document (7023497) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 15


Situation

The Synchronous Multithreading concept used in modern processors allows to run multiple execution threads on the same CPU core, sharing various resources like caches and compute resources. 

Due to the lightweight nature of this synchronous multithreading, the processor has insufficient boundaries between those threads, which can lead to side channel information leak attacks.

Examples of such attacks and research on it has been published before, up to and including the "L1 Terminal Fault" security issue from August 2018.

Recently security researchers have published a working attack that does use computational saturation of vector units to gleam information from other threads, codenamed "PortSmash" ( CVE-2018-5407 ).

While this attack specifically targets parts of the vectorized elliptic curve computation code in openssl, it could be adapted to other code places or code patterns.

As this kind of side channel is known for several years, cryptographic code has been adapted over the last years not to be susceptible to such attacks by using "constant time" operations or so called "blinding", making its operations less observable.

Parts of cryptographic code that are not operating in constant time are considered bugs, and will be getting fixed place by place.
The attack targets a specific piece of code in openssl's Elliptic Curve Point multiplication routines which were not operating in constant time.


Resolution

Mitigations for this issue are :
  • The programmatic solution is to adjust cryptographic routines to operate in constant time.
SUSE will be providing fixed openssl packages mitigating the openssl elliptic curve multiplication in the coming days.
  • To be safe against future variants of this attack, disabling Synchronous Multi Threading, or only turning this on in "safe" scenarios, should be considered.
The SUSE guidance for 'trusted' vs 'untrusted' guests is the same as our guidance on the L1 Terminal Fault issue.

Detailed information on the usage of SMT and other relevant kernel commandline parameters can be found here: TID 7023077 - "L1 Terminal Fault" (L1TF).

Cause

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7023497
  • Creation Date: 05-Nov-2018
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.