CVE-2020-0543
Published: 09 June 2020
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
From the Ubuntu security team
It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information.
Priority
Medium
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
intel-microcode Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
| Ubuntu 21.04 (Hirsute Hippo) |
Released
(3.20200609.0ubuntu0.20.04.0)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Released
(3.20200609.0ubuntu0.20.04.0)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(3.20200609.0ubuntu0.20.04.0)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(3.20200609.0ubuntu0.18.04.0)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(3.20200609.0ubuntu0.16.04.0)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(3.20200609.0ubuntu0.14.04.0)
|
Notes
| Author | Note |
|---|---|
| tyhicks | This issue only affects Intel client and Xeon E3 processors |
| sbeattie | also known as "CrossTalk" |
| sbeattie | Affected processor families: ============= ============ ======== common name Family_Model Stepping ============= ============ ======== IvyBridge 06_3AH All Haswell 06_3CH All Haswell_L 06_45H All Haswell_G 06_46H All Broadwell_G 06_47H All Broadwell 06_3DH All Skylake_L 06_4EH All Skylake 06_5EH All Kabylake_L 06_8EH <= 0xC Kabylake 06_9EH <= 0xD ============= ============ ======== |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
- https://www.vusec.net/projects/crosstalk
- https://software.intel.com/security-software-guidance/software-guidance/special-register-buffer-data-sampling
- https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling
- https://software.intel.com/security-software-guidance/insights/processors-affected-special-register-buffer-data-sampling
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html
- https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/special-register-buffer-data-sampling.html
- https://usn.ubuntu.com/usn/usn-4385-1
- https://usn.ubuntu.com/usn/usn-4391-1
- https://usn.ubuntu.com/usn/usn-4392-1
- https://usn.ubuntu.com/usn/usn-4393-1
- https://usn.ubuntu.com/usn/usn-4387-1
- https://usn.ubuntu.com/usn/usn-4389-1
- https://usn.ubuntu.com/usn/usn-4390-1
- https://usn.ubuntu.com/usn/usn-4388-1
- NVD
- Launchpad
- Debian