Information disclosure vulnerability via Lazy FP state restore - CVE-2018-3665ID: oval:org.secpod.oval:def:46443 | Date: (C)2018-07-12 (M)2024-04-17 |
Class: VULNERABILITY | Family: windows |
An attacker, via a local process, could cause information stored in FP (Floating Point), MMX, and SSE register state to be disclosed across security boundaries on Intel Core family CPUs through speculative execution. An attacker must be able to execute code locally on a system in order to exploit this vulnerability, similar to the other speculative execution vulnerabilities. The information that could be disclosed in the register state depends on the code executing on a system and whether any code stores sensitive information in FP register state. The security boundaries that may be affected by this vulnerability include virtual machine, kernel, and process.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |