New PortSmash Hyper-Threading CPU Vuln Can Steal Decryption Keys

From bleepingcomputer.com

PortSmash

A new side-channel vulnerability has been discovered called PortSmash that uses a timing attack that to steal information from other processes running in the same CPU core with SMT/hyper-threading enabled. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core as their exploit.

SMT/Hyper-threading is when one physical CPU core is split into two virtual logical cores that can be used two run two separate process threads at once. This method can increase performance as the two threads will utilize idle CPU resources more efficiently to execute instructions faster.

Read more…