SB2020012802 - Information disclosure in some Intel Processors

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2020-0548)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to cleanup errors. A local user can gain unauthorized access to sensitive information on the system.

2) Information disclosure (CVE-ID: CVE-2020-0549)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to cleanup errors in some data cache evictions. A local user can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
• https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
• https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling