#VU9883 Information disclosure in Intel CPU


Published: 2020-09-01

Vulnerability identifier: #VU9883

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-5715

CWE-ID:

Exploitation vector: Local

Exploit availability:

Vulnerable software:
Intel CPU
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Intel CPU: All versions


Fixed software versions

CPE

External links
http://newsroom.intel.com/news/intel-responds-to-security-research-findings/


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability