Snoop Assisted L1D Sampling Advisory

Summary:

A potential security vulnerability in some Intel® Processors may allow information disclosure.****

Vulnerability Details:

CVEID: CVE-2020-0550

Description: Improper data forwarding in some data cache for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

A list of impacted products can be found here.

Recommendations:

This potential vulnerability is mitigated by using Virtual Machine Manager with the L1TF mitigations applied. For more information see L1TF. Intel is not recommending any new or additional mitigations for Operating Systems.

Additional technical details about this vulnerability can be found at:

<https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling&gt;

Additional Advisory Guidance on CVE-2020-0550 available here.

Acknowledgements:

Intel would like to thank Pawel Wieczorkiewicz from Amazon Web Services for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available