CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.
Recent assessments:
busterb at June 15, 2020 8:18pm UTC reported:
This continues to bury SGX as an actual security mechanism users should be interested in. For leaking keys where you have local access, this is useful for Intel CPUs manufactured in the last 5 years. For general purpose exploitation though, this is less likely to be useful, and the overall risk of using this mechanism still leaves many developers who might use this feature as suspicious as they ever were.
The huge performance degradation of RDRAND also isn’t great, though the real problem is for virtual hosting providers where a malicious process or VM can kill overall memory bus performance. https://www.phoronix.com/scan.php?page=news_item&px=RdRand-3-Percent
There are some funny secret-squirrel uses here for the mitigation, as it enables a totally different side-channel problem, but nothing you’d likely see more as a novelty: <https://twitter.com/Kryptoblog/status/1270601775184334849>
Assessed Attacker Value: 2
Assessed Attacker Value: 3
lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html
www.openwall.com/lists/oss-security/2020/07/14/5
cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
kc.mcafee.com/corporate/index?page=content&id=SB10318
lists.fedoraproject.org/archives/list/[email protected]/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ
lists.fedoraproject.org/archives/list/[email protected]/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ
lists.fedoraproject.org/archives/list/[email protected]/message/NQZMOSHLTBBIECENNXA6M7DN5FEED4KI
lists.fedoraproject.org/archives/list/[email protected]/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y
usn.ubuntu.com/4385-1
usn.ubuntu.com/4387-1
usn.ubuntu.com/4388-1
usn.ubuntu.com/4389-1
usn.ubuntu.com/4390-1
usn.ubuntu.com/4391-1
usn.ubuntu.com/4392-1
usn.ubuntu.com/4393-1
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html