A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | microcode_ctl | 2020-07-14 01:55 | ALAS-2020-1396 |
Amazon Linux 2 - Core | microcode_ctl | 2020-06-26 22:53 | ALAS2-2020-1444 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 2.8 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N |
NVD | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
NVD | CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:P/I:N/A:N |