CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files fo...
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Security readout for executives and security teams
This is a processor-level information disclosure issue in some Intel Atom processors. A local authenticated user could potentially read sensitive data left in microarchitectural state after transient execution. The business risk is mainly for shared systems, edge devices, and virtualization hosts using affected Atom hardware. Exposure depends on specific Intel Atom processor models listed in vendor references. Systems with local users, containers, virtual machines, or multi-tenant workloads deserve priority review. The bundle does not identify every affected model directly. Treat this as a targeted confidentiality risk, not an internet-scale emergency. Prioritize hardware inventory and patch governance for shared or multi-user Atom-based systems, especially where sensitive workloads may co-reside. Mitigation focus: Review Intel SA-00898 for affected processor details and vendor guidance.; Apply applicable operating system, firmware, hypervisor, or vendor updates where provided.; Prioritize shared hosts, virtualization platforms, and exposed edge systems using Intel Atom processors..
Prepared
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-1342: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-1342 · source CWE mapping
Information Exposure through Microarchitectural State after Transient Execution
Information Exposure through Microarchitectural State after Transient Execution represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.