Vulnerability Description
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Atom C | c2308 |
| Intel | Atom E | e3805 |
| Intel | Atom X3 | c3130 |
| Intel | Atom Z | z2420 |
| Intel | Celeron J | j1750 |
| Intel | Celeron N | n2805 |
| Intel | Core I3 | 330e |
| Intel | Core I5 | 430m |
| Intel | Core I7 | 7y75 |
| Intel | Core M | 5y10 |
| Intel | Core M3 | 6y30 |
| Intel | Core M5 | 6y54 |
| Intel | Core M7 | 6y75 |
| Intel | Pentium J | j2850 |
| Intel | Pentium N | n3510 |
| Intel | Xeon | e5502 |
| Intel | Xeon Bronze 3104 | - |
| Intel | Xeon Bronze 3106 | - |
| Intel | Xeon E-1105C | - |
| Intel | Xeon E3 | 1505m_v6 |
Related Weaknesses (CWE)
References
- http://www.cs.ucr.edu/~nael/pubs/asplos18.pdfExploitThird Party Advisory
- https://arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-Third Party Advisory
- http://www.cs.ucr.edu/~nael/pubs/asplos18.pdfExploitThird Party Advisory
- https://arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-Third Party Advisory
FAQ
What is CVE-2018-9056?
CVE-2018-9056 is a vulnerability with a CVSS score of 5.6 (MEDIUM). Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch ...
How severe is CVE-2018-9056?
CVE-2018-9056 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9056?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Atom C, Intel Atom E, Intel Atom X3, Intel Atom Z, Intel Celeron J.