Strix
26.1K

CVE-2018-9056

UnknownEPSS 0.70%

Last modified

CVE-2018-9056 is a vulnerability of currently unknown severity. Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.. EPSS estimates a 0.70% chance of exploitation in the next 30 days.

Description

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.

Metrics

EPSS Probability
0.70%

48.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IntelAtom Cc2308
IntelAtom Cc2316
IntelAtom Cc2338
IntelAtom Cc2350
IntelAtom Cc2358
IntelAtom Cc2508
IntelAtom Cc2516
IntelAtom Cc2518
IntelAtom Cc2530
IntelAtom Cc2538
IntelAtom Cc2550
IntelAtom Cc2558
IntelAtom Cc2718
IntelAtom Cc2730
IntelAtom Cc2738
IntelAtom Cc2750
IntelAtom Cc2758
IntelAtom Cc3308
IntelAtom Cc3338
IntelAtom Cc3508
IntelAtom Cc3538
IntelAtom Cc3558
IntelAtom Cc3708
IntelAtom Cc3750
IntelAtom Cc3758
IntelAtom Cc3808
IntelAtom Cc3830
IntelAtom Cc3850
IntelAtom Cc3858
IntelAtom Cc3950
IntelAtom Cc3955
IntelAtom Cc3958
IntelAtom Ee3805
IntelAtom Ee3815
IntelAtom Ee3825
IntelAtom Ee3826
IntelAtom Ee3827
IntelAtom Ee3845
IntelAtom X3c3130
IntelAtom X3c3200rk
IntelAtom X3c3205rk
IntelAtom X3c3230rk
IntelAtom X3c3235rk
IntelAtom X3c3265rk
IntelAtom X3c3295rk
IntelAtom X3c3405
IntelAtom X3c3445
IntelAtom Zz2420
IntelAtom Zz2460
IntelAtom Zz2480

Showing 50 of 1065 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-9056?
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.
How severe is CVE-2018-9056?
Severity scoring for CVE-2018-9056 is pending analysis. The EPSS model estimates a 0.70% probability of exploitation in the next 30 days.
How do I fix CVE-2018-9056?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-9056?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST