Vulnerability CVE-2018-12127


Published: 2019-05-30

Description:
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
Intel -> Microarchitectural load port data sampling firmware 
Fedoraproject -> Fedora 

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html
https://access.redhat.com/errata/RHSA-2019:1455
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html

Copyright 2024, cxsecurity.com

 

Back to Top