Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00329
HistoryMay 11, 2021 - 12:00 a.m.

Intel® Processors Data Leakage Advisory

2021-05-1100:00:00
Intel Security Center
www.intel.com
14

EPSS

0.001

Percentile

18.0%

JSON

Summary:

Potential security vulnerabilities in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-0548

Description: Cleanup errors in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 2.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CVEID: CVE-2020-0549

Description: Cleanup errors in some data cache evictions for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

A list of impacted products can be found here.

Recommendations:

Intel recommends that users of affected Intel® Processors update to the latest version firmware provided by the system manufacturer that addresses these issues.

Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public github repository. Please see details below on access to the microcode:

GitHub*: Public Github: <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files&gt;

Additional technical details about these vulnerabilities can be found at:

<https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling&gt;

<https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling&gt;

Additional Advisory Guidance on CVE-2020-0548, CVE 2020-0549 available here.

Acknowledgements:

Intel would like to thank the following individuals for finding, reporting and coordinating these vulnerabilities to us.

Intel thanks TU Graz and KU Leuven for disclosure of CVE-2020-0549.

Graz University of Technology: Moritz Lipp, Michael Schwarz, Daniel Gruss.

KU Leuven: Jo Van Bulck.

Intel thanks VU Amsterdam, for disclosure of CVE-2020-0548 and CVE-2020-0549. VUSec group at VU Amsterdam: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida.

Researchers from TU Graz and Ku Leuven provided Intel with a Proof of Concept (POC) in May 2019 and researchers from VU Amsterdam provided Proof of Concept (POC) in October 2019. Intel subsequently confirmed each submission demonstrates CVE-2020-0549 individually.

Related

lenovo 2
threatpost 1
f5 1
hp 1
nessus 56
cloudfoundry 2
oraclelinux 5
ubuntu 2
openvas 16
redhat 21
centos 3
archlinux 1
osv 4
debian 3
suse 1
amazon 2
fedora 2
mageia 1
veracode 2
redhatcve 2
cvelist 2
cve 2
nvd 2
ubuntucve 2
alpinelinux 1
prion 2
debiancve 2
thn 2
rocky 1
almalinux 1
ibm 1
lenovo
lenovo
Intel Processors Side Channel Data Leakage Vulnerabilities - Lenovo Support NL
2020-01-28 17:40:36
Intel Processors Side Channel Data Leakage Vulnerabilities - Lenovo Support US
2020-01-28 17:40:36
threatpost
threatpost
New ‘CacheOut’ Attack Targets Intel CPUs
2020-01-28 22:58:46
f5
f5
K22206205 : Intel vulnerabilities CVE-2020-0548 CVE-2020-0549
2020-01-31 00:00:00
hp
hp
HPSBHF03670 rev. 2 - Intel® Processors Data Leakage Advisory
2020-06-09 00:00:00
nessus
nessus
Scientific Linux Security Update : microcode_ctl on SL6.x i386/x86_64 (20200610)
2020-06-11 00:00:00
Amazon Linux AMI : microcode_ctl (ALAS-2020-1396)
2020-07-20 00:00:00
Amazon Linux 2 : microcode_ctl (ALAS-2020-1444)
2020-07-02 00:00:00
cloudfoundry
cloudfoundry
USN-4385-1: Intel Microcode vulnerabilities | Cloud Foundry
2020-06-22 00:00:00
USN-4385-2: Intel Microcode regression | Cloud Foundry
2020-06-22 00:00:00
oraclelinux
oraclelinux
microcode_ctl security, bug fix and enhancement update
2020-06-18 00:00:00
microcode_ctl security, bug fix and enhancement update
2020-06-10 00:00:00
microcode_ctl security, bug fix and enhancement update
2020-06-18 00:00:00
ubuntu
ubuntu
Intel Microcode vulnerabilities
2020-06-09 00:00:00
Intel Microcode regression
2020-06-10 00:00:00
openvas
openvas
Fedora: Security Advisory for microcode_ctl (FEDORA-2020-11ddbfbdf0)
2020-06-26 00:00:00
Debian: Security Advisory (DSA-4701-1)
2020-06-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:14394-1)
2021-06-09 00:00:00
redhat
redhat
(RHSA-2020:2680) Moderate: microcode_ctl security, bug fix and enhancement update
2020-06-23 13:33:56
(RHSA-2020:2433) Moderate: microcode_ctl security, bug fix and enhancement update
2020-06-09 18:27:54
(RHSA-2020:2757) Moderate: microcode_ctl security, bug fix and enhancement update
2020-06-29 07:37:51
centos
centos
microcode_ctl security update
2020-06-10 17:17:14
microcode_ctl security update
2020-06-10 17:22:53
microcode_ctl security update
2021-08-09 15:29:53
archlinux
archlinux
[ASA-202006-10] intel-ucode: information disclosure
2020-06-13 00:00:00
osv
osv
intel-microcode - security update
2020-06-13 00:00:00
intel-microcode - security update
2020-06-11 00:00:00
CVE-2020-0548
2020-01-28 01:15:12
debian
debian
[SECURITY] [DLA 2248-1] intel-microcode security update
2020-06-13 15:29:48
[SECURITY] [DSA 4701-1] intel-microcode security update
2020-06-11 15:21:45
[SECURITY] [DSA 4701-1] intel-microcode security update
2020-06-11 15:21:45
suse
suse
Security update for ucode-intel (moderate)
2020-06-11 00:00:00
amazon
amazon
Medium: microcode_ctl
2020-06-26 22:53:00
Medium: microcode_ctl
2020-07-14 01:55:00
fedora
fedora
[SECURITY] Fedora 32 Update: microcode_ctl-2.1-39.fc32
2020-06-19 01:05:57
[SECURITY] Fedora 31 Update: microcode_ctl-2.1-39.fc31
2020-06-26 01:08:34
mageia
mageia
Updated microcode packages fix security vulnerability
2020-08-01 02:25:42
veracode
veracode
Information Disclosure
2020-06-10 04:58:40
Information Disclosure
2020-06-10 04:58:40
redhatcve
redhatcve
CVE-2020-0548
2020-01-27 18:39:09
CVE-2020-0549
2020-01-27 18:39:09
cvelist
cvelist
CVE-2020-0548
2020-01-28 00:02:29
CVE-2020-0549
2020-01-28 00:03:16
cve
cve
CVE-2020-0548
2020-01-28 01:15:12
CVE-2020-0549
2020-01-28 01:15:12
nvd
nvd
CVE-2020-0548
2020-01-28 01:15:12
CVE-2020-0549
2020-01-28 01:15:12
ubuntucve
ubuntucve
CVE-2020-0548
2020-01-27 00:00:00
CVE-2020-0549
2020-01-27 00:00:00
alpinelinux
alpinelinux
CVE-2020-0548
2020-01-28 01:15:12
prion
prion
Information disclosure
2020-01-28 01:15:00
Information disclosure
2020-01-28 01:15:00
debiancve
debiancve
CVE-2020-0549
2020-01-28 01:15:12
CVE-2020-0548
2020-01-28 01:15:12
thn
thn
New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
2020-01-28 16:36:00
Intel CPUs Vulnerable to New 'SGAxe' and 'CrossTalk' Side-Channel Attacks
2020-06-10 12:59:00
rocky
rocky
microcode_ctl security, bug fix and enhancement update
2021-08-09 09:19:57
almalinux
almalinux
Important: microcode_ctl security, bug fix and enhancement update
2021-08-09 09:19:57
ibm
ibm
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
2020-10-07 22:53:38

EPSS

0.001

Percentile

18.0%

JSON
Related for INTEL:INTEL-SA-00329
lenovo2threatpost1f51hp1nessus56cloudfoundry2oraclelinux5ubuntu2openvas16redhat21centos3archlinux1osv4debian3suse1amazon2fedora2mageia1veracode2redhatcve2cvelist2cve2nvd2ubuntucve2alpinelinux1prion2debiancve2thn2rocky1almalinux1ibm1