CVE-2018-9056

moderate-risk
Published 2018-03-27

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.6/10 Medium
LOCAL / HIGH complexity

Affected Products (20)

Affected Vendors

Intel Arm

References (4)

Exploit http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf
Third Party Advisory https://arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-...
Exploit http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf
Third Party Advisory https://arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-...
49
/ 100
moderate-risk
Severity 15/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 33/34 · Critical