CVE-2020-0550
Published: 10 March 2020
Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html
Notes
| Author | Note |
|---|---|
| sbeattie | affects processors from Intel only |
| mdeslaur | Intel has no plans to release microcode updates for this issue, marking as ignored |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
intel-microcode Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Ignored
|
|
| groovy |
Ignored
|
|
| trusty |
Ignored
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.6 |
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
References
- https://software.intel.com/security-software-guidance/software-guidance/snoop-assisted-l1-data-sampling
- https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
- https://software.intel.com/security-software-guidance/advisory-guidance/snoop-assisted-l1-data-sampling
- https://software.intel.com/security-software-guidance/deep-dives/deep-dive-snoop-assisted-l1-data-sampling
- https://www.cve.org/CVERecord?id=CVE-2020-0550
- NVD
- Launchpad
- Debian