Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

References[email protected]/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/[email protected]/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/


Source: MITRE

Published: 2018-08-14

Updated: 2020-08-24

Type: CWE-203

Risk Information

CVSS v2.0

Base Score: 4.7

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3.0

Base Score: 5.6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Impact Score: 4

Exploitability Score: 1.1

Severity: MEDIUM