CVE-2020-0543
Publication date 9 June 2020
Last updated 24 July 2024
Ubuntu priority
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
From the Ubuntu Security Team
It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| intel-microcode | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Fixed 3.20200609.0ubuntu0.20.04.0
|
|
| 18.04 LTS bionic |
Fixed 3.20200609.0ubuntu0.18.04.0
|
|
| 16.04 LTS xenial |
Fixed 3.20200609.0ubuntu0.16.04.0
|
|
| 14.04 LTS trusty |
Fixed 3.20200609.0ubuntu0.14.04.0
|
|
| xen | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Fixed 4.11.3+24-g14b62ab3e5-1ubuntu2.3
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
tyhicks
This issue only affects Intel client and Xeon E3 processors
sbeattie
also known as "CrossTalk"
sbeattie
Affected processor families: ============= ============ ======== common name Family_Model Stepping ============= ============ ======== IvyBridge 06_3AH All Haswell 06_3CH All Haswell_L 06_45H All Haswell_G 06_46H All Broadwell_G 06_47H All Broadwell 06_3DH All Skylake_L 06_4EH All Skylake 06_5EH All Kabylake_L 06_8EH <= 0xC Kabylake 06_9EH <= 0xD ============= ============ ========
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-4387-1
- Linux kernel vulnerabilities
- 10 June 2020
- USN-4391-1
- Linux kernel vulnerabilities
- 11 June 2020
- USN-4390-1
- Linux kernel vulnerabilities
- 11 June 2020
- USN-4385-1
- Intel Microcode vulnerabilities
- 9 June 2020
- USN-4389-1
- Linux kernel vulnerabilities
- 10 June 2020
- USN-4392-1
- Linux kernel vulnerabilities
- 10 June 2020
- USN-4388-1
- Linux kernel vulnerabilities
- 9 June 2020
- USN-4393-1
- Linux kernel vulnerabilities
- 10 June 2020
- LSN-0068-1
- Kernel Live Patch Security Notice
- 9 June 2020
- USN-5617-1
- Xen vulnerabilities
- 19 September 2022
Other references
- https://www.vusec.net/projects/crosstalk
- https://software.intel.com/security-software-guidance/software-guidance/special-register-buffer-data-sampling
- https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling
- https://software.intel.com/security-software-guidance/insights/processors-affected-special-register-buffer-data-sampling
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html
- https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/special-register-buffer-data-sampling.html
- https://www.cve.org/CVERecord?id=CVE-2020-0543