Upstream information

CVE-2019-0162 at MITRE

Description

Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 3.8
Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Access Vector Local
Access Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Impact Low
Integrity Impact None
Availability Impact None
CVSSv3 Version 3

Note from the SUSE Security Team

Software mitigations for this side channel attack are currently not possible. The attack itself only gains knowledge about virtual to physical address translation, which needs a secondary attack to gain information. For secondary attacks like Spectre or Meltdown SUSE has implemented software mitigations.

SUSE Bugzilla entry: 1128155 [RESOLVED / WONTFIX]

SUSE Security Advisories: