Back to board Open MSRC
MSRC compact vulnerability detail

CVE-2020-0955 · Windows Kernel Information Disclosure in CPU Memory Access

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.

Severity
n/a
Impact
n/a
CVSS
n/a base · n/a temporal
Release
2020-04-14
Signals
Windows Kernel Unknown impact Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely
CWE
No CWE data published.
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Old version New version
Description
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.
FAQ / Articles
FAQ
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
FAQ
Where can I find information regarding other speculative side-channel execution vulnerabilities? For information on Microsoft guidance for the Spectre Variant 1 speculative execution side channel vulnerability, see ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities.