Upstream information
Description
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.Upstream Security Advisories:
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 2.1 |
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
| National Vulnerability Database | |
|---|---|
| Base Score | 3.8 |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality Impact | Low |
| Integrity Impact | None |
| Availability Impact | None |
| CVSSv3 Version | 3 |
Note from the SUSE Security Team
Software mitigations for this side channel attack are currently not possible. The attack itself only gains knowledge about virtual to physical address translation, which needs a secondary attack to gain information. For secondary attacks like Spectre or Meltdown SUSE has implemented software mitigations. SUSE Bugzilla entry: 1128155 [RESOLVED / WONTFIX]SUSE Security Advisories:
- TID000019415, published Wed Mar 18 21:51:13 CET 2020
- TID7023745, published Wed Apr 10 23:10:15 CEST 2019
SUSE Timeline for this CVE
CVE page created: Wed Mar 6 21:17:13 2019CVE page last modified: Wed Oct 26 21:39:48 2022