Lucene search
Redhat.comRH:CVE-2018-9056HistoryApr 05, 2020 - 11:05 a.m.
CVE-2018-9056
2020-04-0511:05:57
redhat.com
access.redhat.com
9
EPSS
0.001
Percentile
19.8%
BranchScope is a new class of attack which leverages functioning of the Branch Prediction Unit (BPU) of a processor to infer/leak sensitive process information, which is involved in the branch decision making (if (x) { x ^ y; } else {x & y;}). In this, BranchScope side-channel could help to infer ‘x’, by observing prediction patterns of the Branch Prediction Unit (BPU).
Mitigation
This is a hardware processor issue, not a Linux kernel flaw. The flaw specifically targets software which uses sensitive information in branching expressions. A software mitigation could be for the target software to avoid the use of sensitive data bits in (if…else) branching decisions or to avoid (if…else) branching altogether.
Related
cve
cve
CVE-2018-9056
2018-03-27 17:29:00
nessus
nessus
F5 Networks BIG-IP : Side-channel processor vulnerability (K35135935)
2023-11-03 00:00:00
cvelist
cvelist
CVE-2018-9056
2018-03-27 17:00:00
prion
prion
Information disclosure
2018-03-27 17:29:00
f5
f5
K35135935 : Side-channel processor vulnerability CVE-2018-9056 (BranchScope)
2018-05-04 00:00:00
nvd
nvd
CVE-2018-9056
2018-03-27 17:29:00