#VU9882 Information disclosure in Intel CPU


Published: 2020-03-18 | Updated: 2020-09-01

Vulnerability identifier: #VU9882

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-5754

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Intel CPU
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Intel CPU: All versions


CPE

External links
http://01.org/security/advisories/intel-oss-10003


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability