VDB
VDE-2018-009
VDE-2018-009
PUBLISHED
CVSS 5.599999904632568 MEDIUM
Critical vulnerabilities within several CPUs have been identified by security researchers. These hardware vulnerabilities allow programs to learn about the contents of a system's memory, using side-channel attacks. Potential attack vectors against these vulnerabilities have been published and dubbed Meltdown and Spectre. While programs are typically not permitted to read data from the OS kernel or from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in kernel memory or the memory of other programs executed on the same CPU. As a consequence, an exploit could allow attackers to get access to any sensitive data, including passwords or cryptographic keys.
Risk Scores
CVSS v3.1
5.599999904632568
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 10/2018 FOTA | ||
| Ex-Handy 209 | ||
| Windows 10 IoT Mobile 69.01.15 | ||
| Windows 10 IoT Mobile 70.01.15 | ||
| Smart-Ex 201 | ||
| CT50-Ex | ||
| Windows 10 IoT Mobile <68.01.15 | ||
| Pad-Ex 01 | ||
| 09/2018 FOTA | ||
| Windows Embedded Handheld | ||
| Ex-Handy 09 | ||
| i.roc Ci70-Ex | ||
| Windows Operating Systems | ||
| Windows 10 IoT Mobile 71.01.15 | ||
| Smart-Ex 01 | ||
| Tab-Ex 01 | ||
| Android <10/2018 FOTA-Update | ||
| Android <09/2018 FOTA-Update | ||
| Windows 10 IoT Mobile 68.01.15 | ||
| Cx70-Ex |
Timeline
- Jul 6, 2018 CVE Published
- Oct 23, 2018 CVE Updated