CVE-2005-0109
NONE EPSS 39.4%
Published Mar 5, 200521y ago · Modified Jun 16, 20262w ago
Published Mar 5, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
Threat Intelligence
EPSS Exploit Probability
39.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 121
| Vendor | Product | Version | Range |
|---|---|---|---|
| freebsd | freebsd | 1.1.5.1 | any |
| freebsd | freebsd | 2.0 | any |
| freebsd | freebsd | 2.0.5 | any |
| freebsd | freebsd | 2.1.0 | any |
| freebsd | freebsd | 2.1.5 | any |
| freebsd | freebsd | 2.1.6 | any |
| freebsd | freebsd | 2.1.6.1 | any |
| freebsd | freebsd | 2.1.7.1 | any |
| freebsd | freebsd | 2.2 | any |
| freebsd | freebsd | 2.2.2 | any |
| freebsd | freebsd | 2.2.3 | any |
| freebsd | freebsd | 2.2.4 | any |
| freebsd | freebsd | 2.2.5 | any |
| freebsd | freebsd | 2.2.6 | any |
| freebsd | freebsd | 2.2.8 | any |
| freebsd | freebsd | 3.0 | any |
| freebsd | freebsd | 3.0 | any |
| freebsd | freebsd | 3.1 | any |
| freebsd | freebsd | 3.2 | any |
| freebsd | freebsd | 3.3 | any |
| freebsd | freebsd | 3.4 | any |
| freebsd | freebsd | 3.5 | any |
| freebsd | freebsd | 3.5 | any |
| freebsd | freebsd | 3.5.1 | any |
| freebsd | freebsd | 3.5.1 | any |
| freebsd | freebsd | 3.5.1 | any |
| freebsd | freebsd | 4.0 | any |
| freebsd | freebsd | 4.0 | any |
| freebsd | freebsd | 4.0 | any |
| freebsd | freebsd | 4.1 | any |
| freebsd | freebsd | 4.1.1 | any |
| freebsd | freebsd | 4.1.1 | any |
| freebsd | freebsd | 4.1.1 | any |
| freebsd | freebsd | 4.2 | any |
| freebsd | freebsd | 4.2 | any |
| freebsd | freebsd | 4.3 | any |
| freebsd | freebsd | 4.3 | any |
| freebsd | freebsd | 4.3 | any |
| freebsd | freebsd | 4.3 | any |
| freebsd | freebsd | 4.3 | any |
| freebsd | freebsd | 4.4 | any |
| freebsd | freebsd | 4.4 | any |
| freebsd | freebsd | 4.4 | any |
| freebsd | freebsd | 4.4 | any |
| freebsd | freebsd | 4.5 | any |
| freebsd | freebsd | 4.5 | any |
| freebsd | freebsd | 4.5 | any |
| freebsd | freebsd | 4.5 | any |
| freebsd | freebsd | 4.5 | any |
| freebsd | freebsd | 4.6 | any |
| freebsd | freebsd | 4.6 | any |
| freebsd | freebsd | 4.6 | any |
| freebsd | freebsd | 4.6 | any |
| freebsd | freebsd | 4.6 | any |
| freebsd | freebsd | 4.6.2 | any |
| freebsd | freebsd | 4.7 | any |
| freebsd | freebsd | 4.7 | any |
| freebsd | freebsd | 4.7 | any |
| freebsd | freebsd | 4.7 | any |
| freebsd | freebsd | 4.7 | any |
| freebsd | freebsd | 4.8 | any |
| freebsd | freebsd | 4.8 | any |
| freebsd | freebsd | 4.8 | any |
| freebsd | freebsd | 4.8 | any |
| freebsd | freebsd | 4.9 | any |
| freebsd | freebsd | 4.9 | any |
| freebsd | freebsd | 4.9 | any |
| freebsd | freebsd | 4.10 | any |
| freebsd | freebsd | 4.10 | any |
| freebsd | freebsd | 4.10 | any |
| freebsd | freebsd | 4.10 | any |
| freebsd | freebsd | 4.11 | any |
| freebsd | freebsd | 4.11 | any |
| freebsd | freebsd | 4.11 | any |
| freebsd | freebsd | 5.0 | any |
| freebsd | freebsd | 5.0 | any |
| freebsd | freebsd | 5.0 | any |
| freebsd | freebsd | 5.0 | any |
| freebsd | freebsd | 5.1 | any |
| freebsd | freebsd | 5.1 | any |
| freebsd | freebsd | 5.1 | any |
| freebsd | freebsd | 5.1 | any |
| freebsd | freebsd | 5.1 | any |
| freebsd | freebsd | 5.2 | any |
| freebsd | freebsd | 5.2.1 | any |
| freebsd | freebsd | 5.2.1 | any |
| freebsd | freebsd | 5.3 | any |
| freebsd | freebsd | 5.3 | any |
| freebsd | freebsd | 5.3 | any |
| freebsd | freebsd | 5.3 | any |
| freebsd | freebsd | 5.4 | any |
| freebsd | freebsd | 5.4 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux | 4.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| redhat | enterprise_linux_desktop | 4.0 | any |
| redhat | fedora_core | core_3.0 | any |
| sco | openserver | 5.0.7 | any |
| sco | unixware | 7.1.3 | any |
| sco | unixware | 7.1.3_up | any |
| sco | unixware | 7.1.4 | any |
| sun | solaris | 7.0 | any |
| sun | solaris | 8.0 | any |
| sun | solaris | 9.0 | any |
| sun | solaris | 9.0 | any |
| sun | solaris | 10.0 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
| ubuntu | ubuntu_linux | 5.04 | any |
References 18
- ftp.sco.com ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
- marc.info http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2
- marc.info http://marc.info/?l=freebsd-security&m=110994370429609&w=2
- marc.info http://marc.info/?l=openbsd-misc&m=110995101417256&w=2
- secunia.com http://secunia.com/advisories/15348
- secunia.com http://secunia.com/advisories/18165
- securitytracker.com http://securitytracker.com/id?1013967
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
- www-1.ibm.com http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
- daemonology.net http://www.daemonology.net/hyperthreading-considered-harmful/
- daemonology.net http://www.daemonology.net/papers/htt.pdf
- kb.cert.org http://www.kb.cert.org/vuls/id/911878
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-476.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-800.html
- securityfocus.com http://www.securityfocus.com/bid/12724
- vupen.com http://www.vupen.com/english/advisories/2005/0540
- vupen.com http://www.vupen.com/english/advisories/2005/3002
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9747
Remediation
- securitytracker.com http://securitytracker.com/id?1013967
- securityfocus.com http://www.securityfocus.com/bid/12724