CVE-2018-5407

Public Exploit

Description

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2019:0483	third party advisory vendor advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	patch vendor advisory
https://security.netapp.com/advisory/ntap-20181126-0001/	third party advisory
https://usn.ubuntu.com/3840-1/	third party advisory vendor advisory
https://www.debian.org/security/2018/dsa-4355	third party advisory vendor advisory
https://www.tenable.com/security/tns-2018-17	third party advisory
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	third party advisory
https://security.gentoo.org/glsa/201903-10	third party advisory vendor advisory
https://www.tenable.com/security/tns-2018-16	third party advisory
https://www.exploit-db.com/exploits/45785/	third party advisory vdb entry exploit
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html	third party advisory mailing list
https://github.com/bbbrumley/portsmash	third party advisory exploit
https://www.debian.org/security/2018/dsa-4348	third party advisory vendor advisory
http://www.securityfocus.com/bid/105897	third party advisory vdb entry
https://eprint.iacr.org/2018/1060.pdf	third party advisory technical description
https://access.redhat.com/errata/RHSA-2019:0651	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2019:0652	third party advisory vendor advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	third party advisory patch
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	third party advisory patch
https://access.redhat.com/errata/RHSA-2019:2125	third party advisory vendor advisory
https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS
https://access.redhat.com/errata/RHSA-2019:3929	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2019:3933	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2019:3931	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2019:3935	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2019:3932	third party advisory vendor advisory
https://www.oracle.com/security-alerts/cpujan2020.html	third party advisory patch
https://www.oracle.com/security-alerts/cpuapr2020.html	third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2018-5407?: CVE-2018-5407 has been scored as a medium severity vulnerability.
How to fix CVE-2018-5407?: To fix CVE-2018-5407, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-5407 being actively exploited in the wild?: It is possible that CVE-2018-5407 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-5407?: CVE-2018-5407 affects N/A Processors supporting Simultaneous Multi-Threading.

Description

Categories

CWE-200 – Exposure of Sensitive Information to an Unauthorized Actor

CWE-203 – Observable Discrepancy

References

Frequently Asked Questions