14

I just heard in the news: Intel CPUs impacted by new PortSmash side-channel vulnerability. Is it as threatening as Meltdown/Spectre? Is it patched? What should we do to be safe? Does it affect AMD CPUs?

It was found by a team at a university, so possibly it is not dangerous, but a POC is available on GitHub, which makes me worry.

1 Answer

23

As with a lot of breaking-news coverage of computer security, there's a lot of questionable reporting on PortSmash. It's not actually very interesting, as it doesn't really add much to the attacker toolkit. It only affects a very narrow set of targets, which are already vulnerable to other attacks (and have been for years).

Colin Percival actually described the attack in question 13 years ago. The scope, specifically, is where there's a secret held in memory (a cryptographic key, for example) that alters what code your program executes. As Percival says in the linked tweets:

The defence against PortSmash is exactly the same as the defence against microarchitectural side channel attacks from 2005: Make sure that the cryptographic key you're using does not affect the sequence of instructions or memory accesses performed by your code.

So this story can be filed under "confirming what we already knew". It's great work -- and I'm glad that after 13 years someone has finally gotten around to writing the exploit -- but it's not something users need to worry about at all.

So PortSmash isn't really anything that new; it's a small evolution in a class of side-channel attacks that all hyper-threading processors are vulnerable to, and have been since the beginning. And yes, it almost certainly impacts both AMD and Intel processors — as it may any hyper-threading processor where similar multi-threading features (specifically, ports or pipes — see comments on this answer for more information) can be maliciously abused.
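Percival's rule quoted above, shown as an added C example (not code from this answer, from the PortSmash PoC, or from any library): a square-and-multiply exponentiation whose instruction sequence depends on the key bits, next to a version that performs the same operations for every bit. The function names, modulus and key are hypothetical, constructed values; production code should use a vetted constant-time library and check the compiled output, since a compiler may reintroduce branches.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply mod m; with m < 2^32 the 64-bit product cannot overflow. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

/* Leaky: the extra multiply runs only when the key bit is 1, so the
 * instruction stream (and execution-port usage) follows the secret. */
uint64_t modexp_leaky(uint64_t base, uint32_t key, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((key >> i) & 1)              /* secret-dependent branch */
            r = mulmod(r, base, m);
    }
    return r;
}

/* Key-independent sequence: always square and multiply, then keep or
 * discard the product with a mask instead of a branch. */
uint64_t modexp_ct(uint64_t base, uint32_t key, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint64_t t = mulmod(r, base, m);
        uint64_t mask = 0 - (uint64_t)((key >> i) & 1); /* all ones or zero */
        r = (t & mask) | (r & ~mask);
    }
    return r;
}

int main(void) {
    uint64_t m = 4294967291ULL;  /* constructed sample modulus, below 2^32 */
    uint32_t key = 0xC0FFEE01u;  /* constructed sample secret */
    printf("%llu %llu\n",
           (unsigned long long)modexp_leaky(7, key, m),
           (unsigned long long)modexp_ct(7, key, m));
    return 0;
}
```

Both functions return the same value; only the second executes the same operations regardless of which key bits are set.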

12
  • 3
    You mention that it supports AMD processors, but port conflicts aren't a thing for AMD. Ports between units is a thing unique to Intel (though of course SMT-based side-channel attacks are still a thing for AMD).
    – forest
    Commented Nov 5, 2018 at 7:54
  • 3
    @Johnny So the vulnerability isn't new but the Python POC is. All security news is like a new disaster is coming.
    – 0_o
    Commented Nov 5, 2018 at 7:59
  • 7
    It looks like AMD uses something called pipes instead, which seem to have equivalent functionality. At least it looks like that in section 16.8 of cs.utexas.edu/~hunt/class/2018-spring/cs340d/documents/…
    – forest
    Commented Nov 5, 2018 at 8:31
  • 4
    @forest: Port and pipe are basically synonymous; it's just different terminology for the same thing. Resource conflicts for execution units on the same dispatch port/pipe, or for the same execution unit, are a thing on AMD Ryzen. (But note that Bulldozer-family doesn't have SMT, it has two weak integer cores sharing a vector unit, which AMD calls CMT. So two threads sharing a "module/core" compete for the front-end, and for resources on the SIMD/FP instructions, but not for integer execution pipes. realworldtech.com/bulldozer/10/.) Commented Nov 5, 2018 at 12:05
  • 6
    @Johnny: Agner Fog publishes his guides on his own web site, agner.org/optimize. No need to go to some random mirror of them. Commented Nov 5, 2018 at 12:07
