We found results for “


Date: November 15, 2018


This is a side-channel vulnerability that targets Simultaneous Multi-Threading architecture implementation, such as Hyper-Threading microprocessors. The attacker runs a process on the same physical core as the victim to disclose sensitive information from the victim’s processes.


Simultaneous Multi-Threading is a processor implementation leveraging parallelism to enhance its computational capabilities. SMT processors can achieve both thread-level and instruction-level parallelism. As a result, each CPU cycle can process multiple instructions from multiple threads. While efficiency and performance are dramatically improved, this CPU architecture creates a window for exploitation. The attacker targets a selected victim process and runs malicious code on the same core. By analyzing the time it takes to execute its own instructions, the attacker can determine the time taken by the victim’s instructions. Thus, disclosure of secret victim information can be achieved. If the victim process is encrypting some data, a successful attack can reveal the encryption key by running malicious code on the same physical core. At the software level, a vulnerable application is also required. For instance, OpenSSL that has secret dependent control flow at any granularity level.

Affected Environments

Microprocessors utilizing SMT architectures Open SSL versions prior to 1.1.0h


Disable Hyper-Threading via OS or BIOS


Disable Hyper-Threading Use unaffected versions of Open SSL

Language: C#

Good to know:


Information Leak / Disclosure


Observable Discrepancy


Upgrade Version

Upgrade to version OpenSSL_1_1_0i,OpenSSL_1_1_1

Learn More

Base Score:
Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None
Base Score:
Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Additional information: