Upstream information

CVE-2019-0162 at MITRE

Description

Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.

Upstream Security Advisories:

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 3.8
Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Impact Low
Integrity Impact None
Availability Impact None
CVSSv3 Version 3

Note from the SUSE Security Team

Software mitigations for this side channel attack are currently not possible. The attack itself only gains knowledge about virtual to physical address translation, which needs a secondary attack to gain information. For secondary attacks like Spectre or Meltdown SUSE has implemented software mitigations.

SUSE Bugzilla entry: 1128155 [RESOLVED / WONTFIX]

SUSE Security Advisories:


SUSE Timeline for this CVE

CVE page created: Wed Mar 6 21:17:13 2019
CVE page last modified: Wed Oct 26 21:39:48 2022