Bug 1645695 (CVE-2018-5407)
| Summary: | CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abhgupta, bkundal, bmaxwell, bmcclain, bugproxy, cdewolf, chazlett, csutherl, darran.lofthouse, dbaker, dblechte, dfediuck, dimitris, dosoudil, eedri, erik-fedora, fgavrilo, fnovak, gzaronik, hannsj_uhl, hkario, huzaifas, jawilson, jclere, jokerman, jondruse, jorton, klausk, ktietz, lersek, lgao, marcandre.lureau, mbabacek, mgoldboi, michal.skrivanek, mturk, myarboro, nenad, pgier, philmd, pjurak, ppalaga, psakar, pslavice, rjones, rnetuka, rstancel, rsunog, rsvoboda, sbonazzo, sdarade, security-response-team, sherold, slawomir, sthangav, tmraz, trankin, twalsh, vtunka, weli, yhuang, ysoni, yturgema |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openssl 1.1.0i, openssl 1.1.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-10 10:41:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1645696, 1645697, 1645698, 1645699, 1645970, 1650390, 1651057, 1651058, 1673950 | ||
| Bug Blocks: | 1645702, 1667483 | ||
|
Description
Laura Pardo
2018-11-02 21:29:52 UTC
Created compat-openssl10 tracking bugs for this issue: Affects: fedora-all [bug 1645698] Created mingw-openssl tracking bugs for this issue: Affects: epel-7 [bug 1645697] Affects: fedora-all [bug 1645696] Note about OpenSSL: Though the reporters demonstrate this flaw against OpenSSL, any application which has secret dependent control flaw will be affected. From an OpenSSL point of view, this particular issue has been fixed in their code via multiple commits: For the 1.1.0 branch, at https://github.com/openssl/openssl/commits/OpenSSL_1_1_0-stable/crypto/ec/ec_mult.c everything starting from aab7c770353b1dc4ba045938c8fb446dd1c4531e OpenSSL released 1.1.1 and 1.1.0i. They contain the relevant patches. Acknowledgments: Name: Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri (Tampere University of Technology; Finland), Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE; Cuba) Statement: This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process. External References: https://github.com/bbbrumley/portsmash https://www.openssl.org/news/secadv/20181112.txt openssl-1.0.2 fix is: https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0c#diff-40a9b7f560ef4410b988fafff6e79928 OpenShift Online disables Hyper-Threading, see https://blog.openshift.com/what-openshift-online-customers-should-know-about-l1tf-openshift-sre-security/ Mitigation: At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0483 https://access.redhat.com/errata/RHSA-2019:0483 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:2125 This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2019:3931 https://access.redhat.com/errata/RHSA-2019:3931 This issue has been addressed in the following products: Red Hat JBoss Web Server 5.2 on RHEL 7 Red Hat JBoss Web Server 5.2 on RHEL 6 Red Hat JBoss Web Server 5.2 on RHEL 8 Via RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3929 This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:3935 This issue has been addressed in the following products: JBoss Core Services on RHEL 7 Via RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3933 This issue has been addressed in the following products: JBoss Core Services on RHEL 6 Via RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3932 |