#VU9883 Information disclosure in Intel CPU


Published: 2020-09-01

Vulnerability identifier: #VU9883

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-5715

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Intel CPU
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Intel CPU: All versions

CPE

External links
http://newsroom.intel.com/news/intel-responds-to-security-research-findings/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Siemens RUGGEDCOM and SCALANCE Products
CentOS 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel-rt
Red Hat Enterprise Linux 6 Extended Lifecycle Support update for kernel
Multiple vulnerabilities in IBM QRadar Network Packet Capture
Multiple vulnerabilities in Dell EMC VxRack SDDC
Red Hat Enterprise Linux 8 update for kernel
Red Hat Enterprise Linux 8 update for kernel-rt
Red Hat Enterprise Linux 5 Extended Lifecycle Support update for kernel