Attacker Value
Very Low
(1 user assessed)
Exploitability
Very Low
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

Intel CPU Memory Mapping Local Information Leak: 'Spoiler'

Disclosure Date: April 17, 2019
CVE-2019-0162 CVSS v3 Base Score: 3.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.

Add Assessment

1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very Low
Common in enterpriseNo useful accessRequires physical access
Technical Analysis

Another in the long line of speculative side-channel attacks, this increases the effectiveness of existing attacks, but is also disabled by similar mitigations. Unlikely to be used in any practical way by an attacker, there are many more sources of low-hanging fruit.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
3.8 Low
Impact Score:
1.4
Exploitability Score:
2
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Microprocessor Memory Mapping Advisory Some Microprocessors with Virtual Memory Mapping.
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • intel

Products

  • - -

Additional Info

Authenticated
Always
Exploitable
Always
Reliability
Very Weak
Stability
Very Weak
Available Mitigations
Unknown
Shelf Life
Very Long
Userbase/Installbase
Very Large
Patch Effectiveness
Unknown
Technical Analysis