CVE-2020-0550
Publication date 10 March 2020
Last updated 24 July 2024
Ubuntu priority
Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| intel-microcode | ||
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Ignored |
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.6 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
References
Other references
- https://software.intel.com/security-software-guidance/software-guidance/snoop-assisted-l1-data-sampling
- https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
- https://software.intel.com/security-software-guidance/advisory-guidance/snoop-assisted-l1-data-sampling
- https://software.intel.com/security-software-guidance/deep-dives/deep-dive-snoop-assisted-l1-data-sampling
- https://www.cve.org/CVERecord?id=CVE-2020-0550