Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-0551

Опубликовано: 12 мар. 2020
Источник: debian

Описание

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html

Примечания

  • https://software.intel.com/security-software-guidance/software-guidance/load-value-injection

  • https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection

  • https://xenbits.xen.org/xsa/advisory-315.html

  • https://lviattack.eu/

  • No mitigation will provided by this issue in software, primarily impacts Intel SGX

  • binutils/toolchain updates will include a patch that optionally emits lfence

  • instructions in problematic situations (but have performance impact), cf.

  • https://sourceware.org/pipermail/binutils/2020-March/110175.html

Связанные уязвимости

ubuntu логотип

CVE-2020-0551

CVSS3: 5.6
ubuntu
почти 6 лет назад

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html

redhat логотип

CVE-2020-0551

CVSS3: 3.3
redhat
почти 6 лет назад

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html

nvd логотип

CVE-2020-0551

CVSS3: 5.6
nvd
почти 6 лет назад

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html

fstec логотип

BDU:2020-04411

CVSS3: 5.6
fstec
почти 6 лет назад

Уязвимость реализации технологии Software Guard eXtensions (SGX) процессоров Intel, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю получить доступ к защищаемой информации