Possible Intel smear campaign.
The article didn’t contain any CVE for the defect, so until there is a CVE it’s not official.
Possible Intel smear campaign.
The article didn’t contain any CVE for the defect, so until there is a CVE it’s not official.
I don’t know how they work either.
However, I do know how infosec works, hence my comment about no CVE about the vulnerability.
I did, however, search NVD and was not able to find any AMD CPU related CVE:
https://nvd.nist.gov/
I like to go to these links so I can nod occasionally with a concerned look as I scroll and pretend to understand what i’m reading.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Scoring:
AV == Attack Vector | L == the threat actor must be local ( have physical access to the system ).
AC == Access Complexity | L == Low. This means that this attack is easy to perform.
PR == Privileges Required | L == Low. Basically means that no authentication is required to perform this attack.
UI == User Interaction | N == None. Means that this attack can be automated.
S == Scope | U == Unchanged.
C == Confidentiality | H == High. Means complete disclosure of the information being sought.
I == Integrity | N == Means that the system isn’t altered by this attack.
A == Availability | N == None. Means that there will be no loss of availability.
These individual ratings are tied to metrics that add up to an overall score for the vulnerability, in this case a 5.5, which puts it as a medium vulnerability.
TL;DR Common Vulnerability Scoring System - Wikipedia
Although the metrics in the wiki do differ a little from what NIST uses today, but the information is still good to know.