The updated IBM Power9 processors intended for mainframes and data centers are potentially vulnerable to abuse of their speculative execution capability. The security defect could allow a local user to access privileged information.
IBM published a security advisory that says, “IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances.”
This new vulnerability means these IBM processors need to be flushing their L1 data cache between privilege boundaries, similar to other recent CPU nightmares. The vulnerability reportedly has a base score of 5.1 on the Common Vulnerability Scoring System (CVSS).