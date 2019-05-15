Vigil@nce - Intel processors: information disclosure via performance measurement

May 2019 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

Impacted products: XenServer, Debian, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, OpenBSD, openSUSE Leap, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, ESXi, vCenter Server, VMware vSphere Hypervisor, Xen.

Severity: 1/4.

Consequences: data reading.

Provenance: user shell.

Confidence: confirmed by the editor (5/5).

Creation date: 15/05/2019.

Revision date: 15/05/2019.

DESCRIPTION OF THE VULNERABILITY

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

