Get a Quote   (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support

Versions Affected : All versions prior to TrueNAS SCALE 22.02.0.1.


Description

Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Base score 4.7.

Workaround

No workarounds available


Mitigation

  • Intel recommends that affected Intel® Processors disable access to managed runtimes in privileged modes to help prevent managed runtimes from being used as disclosure gadgets, such as unprivileged Extended Berkeley packet filter (eBPF) in kernel mode.

Commit

Further information