Microarchitectural Load Port Data Sampling Vulnerabilities in Intel Products
CVE-2018-12127

5.6MEDIUM

Key Information:

Vendor
Intel
Status
Central Processing Units (cpus)
Vendor
CVE Published:
30 May 2019

Summary

Microarchitectural Load Port Data Sampling (MLPDS) vulnerabilities affect certain Intel microprocessors, where load ports utilizing speculative execution can potentially be exploited by authenticated users. This exploitation may enable attackers to bypass security measures and extract sensitive information via a side channel, provided they have local access. Affected users are encouraged to consult the Intel security advisory for guidance on remediation and to ensure their systems are running updated microcode.

Affected Version(s)

Central Processing Units (CPUs) A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://www.synology.com/security/advisory/Synology_SA_19_24
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.