Redhat.comRH:CVE-2020-0550CVE-2020-0550
EPSS
Percentile
12.6%
A flaw was found in the Intel CPUโs cache coherency mechanism. A microarchitectural (hardware) implementation issue that could allow an unprivileged local attacker to bypass conventional system security controls to infer on-CPU Level 1 cache contents is present. At this time, this specific flaw is only known to affect Intel-based processors. The highest threat from this vulnerability is to data confidentiality.
Mitigation
Due to the high level of difficulty of the attack and the performance impact which would be associated with any potential mitigations, there are currently no microcode or software mitigations for this issue, other than the existing L1TF mitigations described above, which protect virtual machines against other virtual machines on the host; and disabling TSX, as described above, which can raise the bar of difficulty of the attack.
Red Hat doesn't currently have knowledge of any real-world occurrences of this attack, so the risk of attack may be considered low. To further minimize the possibility of attacks related to this and other speculative issues, trusted and untrusted workloads can be isolated on separate systems.
References
access.redhat.com/articles/snoop-assisted-l1d-sampling
bugzilla.redhat.com/show_bug.cgi?id=1810359
nvd.nist.gov/vuln/detail/CVE-2020-0550
software.intel.com/security-software-guidance/insights
software.intel.com/security-software-guidance/insights/deep-dive-introduction-speculative-execution-side-channel-methods
software.intel.com/security-software-guidance/software-guidance
www.cve.org/CVERecord?id=CVE-2020-0550
Related
