Security Vulnerability: SMoTherSpectre - exploiting speculative execution through port contention

This document (7023746) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 15

Situation

Researchers have identified a new side-channel attack against CPUs that allows local attackers who are able to execute code to gain information about other processes running on the same core.

Intel CPUs use various "ports" to delegate subtasks of computing. CPU threads running on the same CPU core share those ports, and while a port is in use by one CPU thread it cannot be used by the other.

An attacker can observe this contention and use it to determine the operation running on the other CPU thread, for instance to detect cryptographic operations and gain knowledge of cryptographic material.

Resolution

The recommended software mitigation is to implement and improve cryptographic and other secret-data operations using constant-time operations, so that they do not cause different CPU port contention depending on their input.

Most cryptographic libraries are already implemented in such a way that they do not expose this kind of information.
 
There will be ongoing work to cover more cases as they are identified.
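
The constant-time approach recommended above, shown on a toy modular exponentiation as an added example (not code from SUSE or from the research paper; the names `modexp_branchy`, `modexp_ct` and `ct_select` are hypothetical, and 32-bit operands stand in for real key sizes):

```c
#include <stdint.h>

/* (a * b) mod m. Operands are below 2^32, so the 64-bit product cannot
 * overflow. m must be non-zero. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m)
{
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Before: the extra multiply runs only when the secret exponent bit is 1.
 * The instruction mix, and with it the execution ports kept busy, differs
 * per key bit, which is what a sibling thread can observe. */
uint32_t modexp_branchy(uint32_t base, uint32_t exp, uint32_t m)
{
    uint32_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1u)          /* secret-dependent branch */
            r = mulmod(r, base, m);
    }
    return r;
}

/* Branch-free select: returns a when bit == 1, b when bit == 0. */
uint32_t ct_select(uint32_t bit, uint32_t a, uint32_t b)
{
    uint32_t mask = (uint32_t)0 - (bit & 1u);   /* 0xFFFFFFFF or 0 */
    return b ^ (mask & (a ^ b));
}

/* After: every iteration executes one square and one multiply, whatever
 * the exponent bit is; the bit only chooses which result is kept. */
uint32_t modexp_ct(uint32_t base, uint32_t exp, uint32_t m)
{
    uint32_t r = 1 % m;
    for (int i = 31; i >= 0; i--) {
        uint32_t sq = mulmod(r, r, m);
        uint32_t mu = mulmod(sq, base, m);
        r = ct_select((exp >> i) & 1u, mu, sq);
    }
    return r;
}
```

A compiler may turn the select back into a branch, and the `%` reduction can have operand-dependent latency on some CPUs, so production libraries check the generated assembly and use dedicated constant-time big-number arithmetic.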

Cause

External research paper: https://arxiv.org/abs/1903.01843

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7023746
  • Creation Date: 25-Feb-2019
  • Modified Date: 23-Sep-2020
    • SUSE Linux Enterprise Server
