Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-5715 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
SUSE Linux Operating systems & Components / Operating system |
Vendor | SuSE |
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU9883
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-5715
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
MitigationUpdate the affected packages.
SUSE Linux: 12
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00027.html
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?