These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2023-28746 describes an information exposure issue on some Intel Atom processors where transient execution can leave sensitive data in microarchitectural state. An authenticated local user may be able to leverage that behavior to disclose information. The published CVSS score is 6.5 (MEDIUM), with local access and low privileges required.
CVE-2015-2291 is listed by CISA as a Known Exploited Vulnerability affecting Intel Ethernet Diagnostics Driver for Windows and described as a denial-of-service issue. The KEV record was added on 2023-02-10 with a remediation due date of 2023-03-03. The supplied record also marks known ransomware campaign use as "Known," which raises the operational priority for any environment still running the affected driver.
CVE-2017-5689 is listed by CISA as a Known Exploited Vulnerability affecting Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability. The catalog description identifies it as a privilege escalation issue and directs defenders to apply vendor updates. Because it appears in the KEV catalog, it should be treated as a remediation priority for any environment using [truncated]
CVE-2017-5682 is a high-severity local privilege escalation issue in Intel’s PSET Application Install wrapper used by several Intel 2017 software lines. According to NVD, the flaw can allow a process to be launched with escalated privileges, and the CVSS vector indicates local access, low privileges, and user interaction are required.
CVE-2016-8105 describes a denial-of-service issue in Intel Ethernet Controller X710 and XL710 family drivers when deployed in certain layer 2 network configurations. The issue is publicly documented by Intel and NVD, with the CVSS vector indicating an adjacent-network attack that affects availability only. For defenders, the main concern is service disruption on systems using the affected Intel drivers ra [truncated]
CVE-2017-5927 is a high-severity information disclosure issue involving a side-channel on MMU page-table walks during virtual-to-physical translation. According to the source description and linked research, an attacker can observe cache effects from these MMU operations to leak data and code pointers from JavaScript, which can break ASLR. The NVD record classifies the issue as CVSS 7.5 with no privileges [truncated]
CVE-2017-5926 is a cache-based side-channel weakness in MMU page table walks during virtual-to-physical address translation. According to the source description, the trace left in last-level cache can be observed to leak data and code pointers from JavaScript, which can break ASLR. The CVE was published on 2017-02-27 and is rated CVSS 7.5 High in the supplied record.
CVE-2017-5925 is a hardware side-channel issue in page-table walks performed by the MMU during virtual-to-physical address translation. According to the official NVD record and linked technical references, an attacker running JavaScript can observe cache effects from MMU activity and use that leakage to recover data and code pointers, which can break or weaken ASLR. This is a confidentiality issue with no [truncated]