A vulnerability in the design of most modern CPUs using Simultaneous Multithreading (SMT)/Hyper-Threading could allow a local attacker to access sensitive information on a targeted system.
The vulnerability exists in the execution engine sharing functionality on SMT/Hyper-Threading architectures and is due to port contention. An attacker with sufficient system access to execute code on a parallel thread of a targeted CPU core could exploit the vulnerability by targeting ports to stacks of execution units in order to create a high-resolution timing side-channel. A successful exploit could allow the attacker to use side-channel timing attacks to access sensitive information on the system.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
Intel has not confirmed the vulnerability or released software updates.
OpenSSL has confirmed the vulnerability and released software updates.