Vulnerability Note VU#911878
Simultaneous multithreading processors may leak information through cache eviction analysis techniques
Operating systems on hardware platforms supporting simultaneous multi-threading (Hyper-Threading technology in particular) are potentially vulnerable to information leakage to local users. Proof of concept papers and code demonstrating successful attacks against cryptographic keys are in public circulation.
Hyper-Threading (HT) Technology allows two series of instructions to run simultaneously and independently on a single processor. With Hyper-Threading Technology enabled, the system treats a physical processor as two "logical" processors. Each logical processor is allocated a thread on which to work, as well as a share of execution resources such as cache memories, execution units, and buses.
Information could potentially be deduced by local users using programs capable of shared memory cache eviction analysis. Proof of concept code using timing and cache eviction analysis techniques have demonstrated that cyptographic keys can be deduced on Intel processors with Hyper-Threading technology (HTT) . It is likely that similar techniques could be employed on other processor architectures that support simultaneous multithreading.
Sensitive information, including cryptographic key material, may be leaked to other local users on the affected system.
We are not aware of an all encompassing short term solution to this issue.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|FreeBSD||Affected||23 May 2005||24 May 2005|
|Red Hat Inc.||Affected||23 May 2005||05 Aug 2005|
|SCO||Affected||23 May 2005||24 May 2005|
|Sun Microsystems Inc.||Affected||23 May 2005||03 Jun 2005|
|F5 Networks||Not Affected||23 May 2005||26 May 2005|
|Juniper Networks||Not Affected||23 May 2005||02 Jun 2005|
|Apple Computer Inc.||Unknown||23 May 2005||24 May 2005|
|Connectiva||Unknown||23 May 2005||24 May 2005|
|Cray Inc.||Unknown||23 May 2005||24 May 2005|
|Debian||Unknown||23 May 2005||24 May 2005|
|EMC Corporation||Unknown||23 May 2005||24 May 2005|
|Engrade||Unknown||23 May 2005||24 May 2005|
|Fujitsu||Unknown||23 May 2005||24 May 2005|
|Hewlett-Packard Company||Unknown||23 May 2005||24 May 2005|
|Hitachi||Unknown||23 May 2005||24 May 2005|
CVSS Metrics (Learn More)
Colin Percival is credited with bringing the issue to the attention of vendors and the wider community.
This document was written by Robert Mead and Chad Dougherty.
- CVE IDs: CAN-2005-0109
- Date Public: 13 May 2005
- Date First Published: 23 May 2005
- Date Last Updated: 05 Aug 2005
- Severity Metric: 8.30
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.