CVE-2018-9056

CWE-200Information ExposureCWE-2265 documents5 sources
Severity
5.6MEDIUM
EPSS
0.1%
top 68.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
24
ARM Cortex-aIntel Atom CIntel Atom E+21 more
Timeline
PublishedMar 27
Latest updateMay 13

Description

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages24 packages

NVDintel/xeon69 versions+68
NVDarm/cortex-a7 versions+6
NVDintel/atom_c32 versions+31
NVDintel/atom_e6 versions+5
NVDintel/atom_z30 versions+29

🔴Vulnerability Details

2
GHSA
GHSA-p3vf-w52m-259m: Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access vi2022-05-13
CVEList
CVE-2018-9056: Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access vi2018-03-27

📋Vendor Advisories

1
Red Hat
hw: cpu: speculative execution branch predictor side-channel attack2018-03-28

💬Community

1
Bugzilla
CVE-2018-9056 hw: cpu: speculative execution branch predictor side-channel attack2018-03-28
CVE-2018-9056 (MEDIUM CVSS 5.6) | Systems with microprocessors utiliz | cvebase.io