Update (2/19/2020): Microcode updates that address this issue have been provided to Original Equipment Manufacturers (OEMs). Please check with your system provider on the availability of these updates for your system. Click HERE for a list of OEM support sites.
Today we released INTEL-SA-00329, Intel® Processors Data Leakage Advisory concerning two vulnerabilities that were publicly disclosed by researchers. As part of our commitment to transparency, the advisory has been released before our planned mitigations can be made available and we expect to release mitigations through our normal Intel Platform Update (IPU) process in the near future.
These issues are closely related to INTEL-SA-00233, released in November 2019, which addressed an issue called Transactional Synchronization Extensions (TSX) Asynchronous Abort, or TAA. At the time, we confirmed the possibility that some amount of data could still potentially be inferred through a side-channel and would be addressed in future microcode updates. The issues have been referred to by researchers as Zombieload, RIDL, and CacheOut.
Since May 2019, starting with Microarchitectural Data Sampling (MDS), and then in November with TAA, we and our system software partners have released mitigations that have cumulatively and substantially reduced the overall attack surface for these types of issues. We continue to conduct research in this area – internally, and in conjunction with the external research community.
More information about INTEL-SA-00329:
CVE-2020-0548 is an information disclosure vulnerability with a CVSS score of 2.8, low, referred to as Vector Register Sampling. This issue is rated “low” as the user would first need to be authenticated on the target system, the high complexity of an attack, and low confidence in the attacker’s ability to target and retrieve relevant data.
For more information on Vector Register Sampling, see the Intel whitepaper and affected products:
CVE-2020-0549 is also an information disclosure vulnerability requiring authenticated local access. The CVSS score is 6.5, medium. Referred to as L1D Eviction Sampling, the severity score is higher on this one because the attack complexity is lower and the ability to target specific data higher. This vulnerability has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations.
For more information on L1D Eviction Sampling, see the Intel whitepaper and affected products:
To date, we are not aware of any use of these issues outside of a controlled lab environment.
Director of Communications
Intel Product Assurance and Security