CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
12.6%
Load value injection in some Intelยฎ Processors utilizing speculative
execution may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. The list of affected
products is provided in intel-sa-00334:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html
Author | Note |
---|---|
sbeattie | only affects processors from Intel primary impact is for SGX users. May need toolchain updates for applications that are targeted for use in SGX enclaves. most Ubuntu kernels do not support or have SGX drivers available, and so are not affected. The linux-azure kernels do have SGX enabled (as of https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1844245 ) and thus the Ubuntu Kernel team is investigating further. The guidance that we have received so far from Intel indicates that it is only SGX applications that need mitigations. looking at the upstream intel SGX DCAP driver as of 2020-11-17, there does not seem to have been any changes due to this issue, so it is only software running in the enclave itself that is affected; marking linux-azure kernels as not-affected. |
launchpad.net/bugs/cve/CVE-2020-0551
lviattack.eu/
nvd.nist.gov/vuln/detail/CVE-2020-0551
security-tracker.debian.org/tracker/CVE-2020-0551
software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
software.intel.com/security-software-guidance/software-guidance/load-value-injection
sourceware.org/pipermail/binutils/2020-March/110175.html
www.cve.org/CVERecord?id=CVE-2020-0551
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
12.6%