Information Exposure through Microarchitectural State after Transient Execution

CVE-2023-28746

Medium

6.5/10

Summary

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution

The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.

References

Advisory Timeline

Published Mar 14, 2024

Information Exposure through Microarchitectural State after Transient Execution

CVE-2023-28746

Summary

CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS