Microarchitectural Data Sampling Vulnerability in Intel Processors
CVE-2019-11091

5.6MEDIUM

Key Information:

Vendor
Intel Corporation
Status
Central Processing Units (cpus)
Vendor
CVE Published:
30 May 2019

Summary

This vulnerability relates to the Microarchitectural Data Sampling Uncacheable Memory (MDSUM) on certain Intel microprocessors that implement speculative execution. It could allow an authenticated user with local access to potentially exploit this flaw to disclose sensitive information through side channels. System administrators should apply relevant patches and mitigations as detailed in vendor advisories to protect against this vulnerability.

Affected Version(s)

Central Processing Units (CPUs) A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://www.synology.com/security/advisory/Synology_SA_19_24
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.