CVE-2005-0109
moderate-risk
Published 2005-03-05
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
Do I need to act?
-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.6/10
Medium
LOCAL
/ HIGH complexity
Affected Products (20)
References (36)
Third Party Advisory
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
Permissions Required
http://secunia.com/advisories/15348
Permissions Required
http://secunia.com/advisories/18165
Third Party Advisory
http://www.daemonology.net/hyperthreading-considered-harmful/
Third Party Advisory
http://www.daemonology.net/papers/htt.pdf
Third Party Advisory
http://www.kb.cert.org/vuls/id/911878
Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-476.html
Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-800.html
Permissions Required
http://www.vupen.com/english/advisories/2005/0540
Permissions Required
http://www.vupen.com/english/advisories/2005/3002
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
Third Party Advisory
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
and 16 more references
47
/ 100
moderate-risk
Severity
15/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
31/34 · Critical