Ubuntu.comUB:CVE-2020-0551CVE-2020-0551
0.0004 Low
EPSS
Percentile
12.2%
Load value injection in some Intelยฎ Processors utilizing speculative
execution may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. The list of affected
products is provided in intel-sa-00334:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html
Notes
| Author | Note |
|---|---|
| sbeattie | only affects processors from Intel primary impact is for SGX users. May need toolchain updates for applications that are targeted for use in SGX enclaves. most Ubuntu kernels do not support or have SGX drivers available, and so are not affected. The linux-azure kernels do have SGX enabled (as of https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1844245 ) and thus the Ubuntu Kernel team is investigating further. The guidance that we have received so far from Intel indicates that it is only SGX applications that need mitigations. looking at the upstream intel SGX DCAP driver as of 2020-11-17, there does not seem to have been any changes due to this issue, so it is only software running in the enclave itself that is affected; marking linux-azure kernels as not-affected. |
References
launchpad.net/bugs/cve/CVE-2020-0551
lviattack.eu/
nvd.nist.gov/vuln/detail/CVE-2020-0551
security-tracker.debian.org/tracker/CVE-2020-0551
software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
software.intel.com/security-software-guidance/software-guidance/load-value-injection
sourceware.org/pipermail/binutils/2020-March/110175.html
www.cve.org/CVERecord?id=CVE-2020-0551
Related
