A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/
https://www.kb.cert.org/vuls/id/155143
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.htm
https://lists.fedoraproject.org/archives/list/[email protected]/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/
https://lists.fedoraproject.org/archives/list/[email protected]/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/
https://lists.fedoraproject.org/archives/list/[email protected]/message/6QKNCPX7CJUK4I6BRGABAUQK2DMQZUCA/
https://github.com/vusec/inspectre-gadget?tab=readme-ov-file
http://xenbits.xen.org/xsa/advisory-456.html
http://www.openwall.com/lists/oss-security/2024/05/07/7
http://www.openwall.com/lists/oss-security/2024/04/09/15
Source: Mitre, NVD
Published: 2024-12-19
Updated: 2025-01-09
Named Vulnerability: Spectre v2
Base Score: 4
Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:N
Severity: Medium
Base Score: 4.7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.00021