AMD CPU - severe side-channel attack vulnerability

Possible Intel smear campaign.

The article didn’t contain any CVE for the defect, so until there is a CVE it’s not official.


I don’t know how they work either.

However, I do know how infosec works, hence my comment about no CVE about the vulnerability.

I did, however, search NVD and was not able to find any AMD CPU related CVE:

Here’s an update.


I like to go to these links so I can nod occasionally with a concerned look as I scroll and pretend to understand what i’m reading.


Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS Scoring:
AV == Attack Vector | L == the threat actor must be local ( have physical access to the system ).

AC == Access Complexity | L == Low. This means that this attack is easy to perform.

PR == Privileges Required | L == Low. Basically means that no authentication is required to perform this attack.

UI == User Interaction | N == None. Means that this attack can be automated.

S == Scope | U == Unchanged.

C == Confidentiality | H == High. Means complete disclosure of the information being sought.

I == Integrity | N == Means that the system isn’t altered by this attack.

A == Availability | N == None. Means that there will be no loss of availability.

These individual ratings are tied to metrics that add up to an overall score for the vulnerability, in this case a 5.5, which puts it as a medium vulnerability.

TL;DR Common Vulnerability Scoring System - Wikipedia

Although the metrics in the wiki do differ a little from what NIST uses today, but the information is still good to know.