5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
11.8%
A flaw was found in the Intel CPUโs cache coherency mechanism. A microarchitectural (hardware) implementation issue that could allow an unprivileged local attacker to bypass conventional system security controls to infer on-CPU Level 1 cache contents is present. At this time, this specific flaw is only known to affect Intel-based processors. The highest threat from this vulnerability is to data confidentiality.
Due to the high level of difficulty of the attack and the performance impact which would be associated with any potential mitigations, there are currently no microcode or software mitigations for this issue, other than the existing L1TF mitigations described above, which protect virtual machines against other virtual machines on the host; and disabling TSX, as described above, which can raise the bar of difficulty of the attack.
Red Hat doesn't currently have knowledge of any real-world occurrences of this attack, so the risk of attack may be considered low. To further minimize the possibility of attacks related to this and other speculative issues, trusted and untrusted workloads can be isolated on separate systems.
access.redhat.com/articles/snoop-assisted-l1d-sampling
bugzilla.redhat.com/show_bug.cgi?id=1810359
nvd.nist.gov/vuln/detail/CVE-2020-0550
software.intel.com/security-software-guidance/insights
software.intel.com/security-software-guidance/insights/deep-dive-introduction-speculative-execution-side-channel-methods
software.intel.com/security-software-guidance/software-guidance
www.cve.org/CVERecord?id=CVE-2020-0550
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
11.8%