Vulnerability identifier: #VU9883
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
Exploitation vector: Local
Exploit availability:
Vulnerable software:
Intel CPU
Hardware solutions /
Firmware
Vendor: Intel
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Intel CPU: All versions
Fixed software versions
CPE
External links
http://newsroom.intel.com/news/intel-responds-to-security-research-findings/
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?