Enrico Barberis

Name of the Vulnerable Software and Affected Versions: Intel(R) Processors (affected versions not specified) Intel(R) Brand Verification Tool versions prior to 11.0.0.1225 Description: The issue concerns an observable response discrepancy in floating-point operations for some Intel(R) Processors, which may allow an authorized user to potentially enable information disclosure via local access. Additionally, improper permissions in the installer for the Intel(R) Brand Verification Tool may allow an authenticated user to potentially enable escalation of privilege via local access. Recommendations: For Intel(R) Processors, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Intel(R) Brand Verification Tool versions prior to 11.0.0.1225, update to version 11.0.0.1225 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** All supported CPU products (affected versions not specified) **Description** The issue concerns potential floating point value injection in CPU products, which, when combined with software vulnerabilities related to speculative execution, can lead to the use of incorrect floating point results. This may cause data leakage due to the incorrect use of data from FPVI. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) Xen (affected versions not specified) **Description** The issue is related to an observable response discrepancy that may allow an authorized user to potentially enable information disclosure via local access. This discrepancy can be exploited to gain access to confidential data. **Recommendations** For Intel(R) Processors, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Xen, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xen (affected versions not specified) CPU products (affected versions not specified) **Description** The issue is related to a potential speculative code store bypass in CPU products, which, in conjunction with software vulnerabilities related to speculative execution of overwritten instructions, may cause incorrect speculation and could result in data leakage. Additionally, there is a vulnerability in the Xen hypervisor related to insufficient access control to ports, which could allow an attacker to access confidential data. **Recommendations** For Xen, restrict access to sensitive ports to minimize the risk of exploitation. For CPU products, consider disabling speculative execution of overwritten instructions as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 78.9 Firefox versions prior to 87 **Description** The issue is related to insufficient neutralization of special elements in a request, which may allow a remote attacker to access confidential data. It is also described as a transient execution vulnerability, specifically Floating Point Value Injection (FPVI), allowing an attacker to leak arbitrary memory addresses and potentially enabling JIT type confusion attacks. **Recommendations** For Firefox ESR versions prior to 78.9, update to version 78.9 or later. For Firefox versions prior to 87, update to version 87 or later.