Covert Channel Vulnerability in FreeBSD Affected by Hyper-Threading Technology
CVE-2005-0109

5.6MEDIUM

Key Information:

Vendor

FreeBSD

Status
FreeBSD
Unixware
Enterprise Linux
Enterprise Linux Desktop
Vendor
CVE Published:
5 March 2005

What is CVE-2005-0109?

This vulnerability arises from the implementation of Hyper-Threading technology in FreeBSD, among other operating systems. It permits local users to deploy malicious threads capable of creating covert channels that monitor the execution of other threads. By exploiting timing variations during memory cache misses, an attacker can infer sensitive information, such as cryptographic keys, thus posing serious risks to data confidentiality. This highlights the need for heightened security measures in systems utilizing Hyper-Threading.

References

http://www.kb.cert.org/vuls/id/911878
third-party-advisoryx_refsource_CERT-VN
http://secunia.com/advisories/18165
third-party-advisoryx_refsource_SECUNIA
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCH...
x_refsource_MISC

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.