CVE-2020-0550
Published: 10 March 2020
Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html
Notes
Author | Note |
---|---|
sbeattie | affects processors from Intel only |
mdeslaur | Intel has no plans to release microcode updates for this issue, marking as ignored |
Priority
Status
Package | Release | Status |
---|---|---|
intel-microcode Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
eoan |
Ignored
(end of life)
|
|
focal |
Ignored
|
|
groovy |
Ignored
|
|
trusty |
Ignored
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.6 |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
References
- https://software.intel.com/security-software-guidance/software-guidance/snoop-assisted-l1-data-sampling
- https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
- https://software.intel.com/security-software-guidance/advisory-guidance/snoop-assisted-l1-data-sampling
- https://software.intel.com/security-software-guidance/deep-dives/deep-dive-snoop-assisted-l1-data-sampling
- https://www.cve.org/CVERecord?id=CVE-2020-0550
- NVD
- Launchpad
- Debian