Public Date:
1561794: CVE-2018-9056 hw: cpu: speculative execution branch predictor side-channel attack
BranchScope is a new class of attack which leverages functioning of the Branch Prediction Unit (BPU) of a processor to infer/leak sensitive process information, which is involved in the branch decision making (if (x) { x ^ y; } else {x & y;}). In this, BranchScope side-channel could help to infer 'x', by observing prediction patterns of the Branch Prediction Unit (BPU).

Find out more about CVE-2018-9056 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.6
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity Impact None
Availability Impact None
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.


This is a hardware processor issue, not a Linux kernel flaw. The flaw specifically targets software which uses sensitive information in branching expressions. A software mitigation could be for the target software to avoid the use of sensitive data bits in (if..else) branching decisions or to avoid (if..else) branching altogether.

External References

Last Modified