CVE-2018-9056
Publication date 27 March 2018
Last updated 1 August 2025
Ubuntu priority
Description
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.
Notes
tyhicks
Intel does not appear to have plans to address this issue through a microcode update. There's nothing that the Linux kernel can do to mitigate it. Ubuntu is ignoring this issue for now but may revisit the decision in the future.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.6 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |