CVE-2020-0550

Опубликовано: 10 мар. 2020

Источник: redhat

CVSS3: 5.6

EPSS Низкий

Описание

Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html

A flaw was found in the Intel CPU's cache coherency mechanism. A microarchitectural (hardware) implementation issue that could allow an unprivileged local attacker to bypass conventional system security controls to infer on-CPU Level 1 cache contents is present. At this time, this specific flaw is only known to affect Intel-based processors. The highest threat from this vulnerability is to data confidentiality.

Отчет

CVE-2020-0550 is the CVE assigned specifically to the hardware implementation leading to this flaw. Unlike the L1TF microarchitectural issue, no additional CVE have been assigned at this time to cover operating systems or vmm/hypervisor specific implementations. As this CVE is a flaw in specific hardware, not the operating system kernel, and operating system mitigations are already applied, Red Hat does not list the Red Hat Enterprise Linux kernel package as “affected” by this CVE. This does not imply that the flaw can not be exposed on systems running Red Hat Enterprise Linux on vulnerable hardware, only that the flaw exists in the hardware implementation and no additional changes are deemed necessary or practical to address this flaw at the software layer. Existing mitigations released in Red Hat Enterprise Linux in response to Spectre V1 (https://access.redhat.com/security/vulnerabilities/speculativeexecution), L1TF (https://access.redhat.com/security/vulnerabilities/L1TF) and MDS (https://access.redhat.com/security/vulnerabilities/mds) should already provide significant barrier against exploitation of this attack vector and no new mitigation is planned at this time.

Меры по смягчению последствий

Due to the high level of difficulty of the attack and the performance impact which would be associated with any potential mitigations, there are currently no microcode or software mitigations for this issue, other than the existing L1TF mitigations described above, which protect virtual machines against other virtual machines on the host; and disabling TSX, as described above, which can raise the bar of difficulty of the attack. Red Hat doesn't currently have knowledge of any real-world occurrences of this attack, so the risk of attack may be considered low. To further minimize the possibility of attacks related to this and other speculative issues, trusted and untrusted workloads can be isolated on separate systems.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-440->CWE-385

https://bugzilla.redhat.com/show_bug.cgi?id=1810359hw: Snoop-Assisted L1D Sampling

EPSS

Процентиль: 19%

0.0006

Низкий

5.6 Medium

CVSS3

Связанные уязвимости

CVE-2020-0550

CVSS3: 5.6

ubuntu

больше 5 лет назад

CVE-2020-0550

CVSS3: 5.6

nvd

больше 5 лет назад

CVE-2020-0550

CVSS3: 5.6

debian

больше 5 лет назад

Improper data forwarding in some data cache for some Intel(R) Processo ...

GHSA-xw3h-h52h-wq24

CVSS3: 5.6

github

больше 3 лет назад

BDU:2020-04410

CVSS3: 5.6

fstec

больше 5 лет назад

Уязвимость микропрограммного обеспечения процессоров Intel, связанная с ошибками синхронизации данных в кеш-памяти, позволяющая нарушителю получить доступ к защищаемой информации

EPSS

Процентиль: 19%

0.0006

Низкий

5.6 Medium

CVSS3