Side-Channel Attack Vulnerability in Microprocessors by Unknown Vendor
CVE-2018-9056

5.6MEDIUM

Key Information:

Vendor: Intel
Status: Core I7; Core I5; Core I3; Xeon E7
Vendor: CVE Published:; 27 March 2018

Summary

This vulnerability affects microprocessors that utilize speculative execution, enabling unauthorized information disclosure to attackers with local user access. Through the exploitation of the directional branch predictor, specifically the pattern history table (PHT), unauthorized users can gain access to sensitive information via side-channel attacks. This exploit demonstrates the potential risks inherent in modern microprocessor design and highlights the need for enhanced security measures.

References

http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf

x_refsource_MISC

https://arstechnica.com/gadgets/2018/03/its-not-just-spec...

x_refsource_MISC

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2018
Vulnerability Reserved
Mar 27, 2018