Intel today announced new potential security vulnerabilities in some Intel processors, which may allow information disclosure.
The CVE-2020-0548 and CVE-2020-0549 vulnerabilities, which were publicly disclosed by researchers, are part of Intel's advisory been released before planned mitigations can be made available. Intel expects to release mitigations through the company's normal Intel Platform Update (IPU) process in the near future.
These issues are closely related to disclosures released in November 2019, which addressed an issue called Transactional Synchronization Extensions (TSX) Asynchronous Abort, or TAA. At the time, Intel confirmed the possibility that some amount of data could still potentially be inferred through a side-channel and would be addressed in future microcode updates.
Since May 2019, starting with Microarchitectural Data Sampling (MDS), and then in November with TAA, Intel and and the company's system software partners have released mitigations that have cumulatively and substantially reduced the overall attack surface for these types of issues. Intel says it continues to conduct research in this area – internally, and in conjunction with the external research community.
CVE-2020-0548 is an information disclosure vulnerability with a CVSS score of 2.8, low, referred to as Vector Register Sampling. "Cleanup errors in some Intel processors may allow an authenticated user to potentially enable information disclosure via local access," reads the vulnerability's descripyion. Intel rated this issue as “low” as the user would first need to be authenticated on the target system, the high complexity of an attack, and low confidence in the attacker’s ability to target and retrieve relevant data.
For more information on Vector Register Sampling, see the Intel whitepaper and affected products:
The CVE-2020-0549 is also an information disclosure vulnerability requiring authenticated local access: "Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access, "Intel says. The CVSS score is 6.5, medium. Referred to as L1D Eviction Sampling, the severity score is higher on this one because the attack complexity is lower and the ability to target specific data higher. Intel says this vulnerability has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations.
For more information on L1D Eviction Sampling, see the Intel whitepaper and affected products:
Affected products include desktop, server, mobile and workstation processors.
Intel says it is not aware of any use of these issues outside of a controlled lab environment.