CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

Lenovo Security Advisory: LEN-30044
Potential Impact: Information Disclosure
Severity: Medium
Scope of Impact: Industry-wide
CVE Identifier: CVE-2020-0548, CVE-2020-0549, CVE-2020-0550
Summary Description:
Intel reported potential security vulnerabilities in some Intel Processors that may allow information disclosure. These vulnerabilities may be referred to as Vector Register Sampling (CVE-2020-0548) and L1D Eviction Sampling or CacheOut (CVE-2020-0549). Refer to Intel’s Security Advisory for additional information.
CVE-2020-0548: Cleanup errors in some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-0549: Cleanup errors in some data cache evictions for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-0550: Improper data forwarding in some data cache for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
Mitigation Strategy for Customers (what you should do to protect yourself):
Intel expects to release microcode updates for affected processors. Lenovo will publish fixes for affected systems once microcode updates are available from Intel. Until mitigations are available, the following guidance can be followed to reduce the likelihood of a successful attack from these vulnerabilities.
CVE-2020-0548: Intel recommends applying previous MDS mitigations described in LEN-26696 to reduce the impact of this vulnerability.
CVE-2020-0549: Intel recommends applying previous L1 Terminal Fault mitigations described in LEN-24163 to reduce the impact of this vulnerability in virtual environments.
CVE-2020-0550: Intel recommends applying previous L1 Terminal Fault mitigations described in LEN-24163 to reduce the impact of this vulnerability in virtual environments.
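One way to check the interim guidance above on a Linux host, as an added example that is not part of the Lenovo advisory: it reads the state the kernel reports for the MDS and L1 Terminal Fault mitigations from sysfs and maps it to the three CVEs. The CVE-to-file mapping follows the advisory's guidance, and the function and state names are this example's own.

```python
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities")

# Earlier mitigation the advisory points to for each CVE, as the sysfs file
# in which Linux reports that mitigation's state.
CVE_TO_SYSFS = {
    "CVE-2020-0548": "mds",   # MDS mitigations (LEN-26696)
    "CVE-2020-0549": "l1tf",  # L1 Terminal Fault mitigations (LEN-24163)
    "CVE-2020-0550": "l1tf",  # L1 Terminal Fault mitigations (LEN-24163)
}


def classify(status):
    """Reduce one kernel status line to a coarse state (names are this example's)."""
    if status is None:
        return "unknown"  # file absent (older kernel or non-Linux host)
    s = status.strip().lower()
    if s.startswith("not affected"):
        return "not_affected"
    if s.startswith("mitigation"):
        # Qualifiers such as "SMT vulnerable" or "VMX: vulnerable" mean the
        # mitigation is on but a sibling-thread or guest path is still open.
        return "partial" if "vulnerable" in s else "mitigated"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def read_statuses(root=SYSFS):
    """Read the status files this check needs; missing files map to None."""
    out = {}
    for name in set(CVE_TO_SYSFS.values()):
        path = root / name
        out[name] = path.read_text() if path.is_file() else None
    return out


def report(statuses=None):
    """Return {cve: (sysfs_name, state, raw_status)} for the three CVEs."""
    if statuses is None:
        statuses = read_statuses()
    result = {}
    for cve, name in CVE_TO_SYSFS.items():
        raw = statuses.get(name)
        result[cve] = (name, classify(raw), raw.strip() if raw else None)
    return result


if __name__ == "__main__":
    for cve, (name, state, raw) in report().items():
        print(f"{cve}: {name} -> {state} ({raw})")
```

A "mitigated" result means only that the earlier MDS or L1 Terminal Fault mitigation is active, which the advisory describes as reducing impact until the microcode updates are available.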