Vulnerability identifier: #VU9882
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: Yes
Vulnerable software:
Intel CPU
Hardware solutions /
Firmware
Vendor: Intel
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Intel CPU: All versions
CPE
External links
http://01.org/security/advisories/intel-oss-10003
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?