CVE-2020-0549Improper Resource Shutdown or Release in Intel-microcode

CWE-404Improper Resource Shutdown or ReleaseCWE-200Sensitive Information ExposureCWE-203Observable Discrepancy12 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 75.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Debian Intel-microcodeIntel ProcessorsCanonical Ubuntu Linux+3 more
Timeline
PublishedJan 28
Latest updateMay 24

Description

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5intel/intel_processorssee references
debiandebian/intel-microcode< intel-microcode 3.20200609.1 (bookworm)
NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, 11.0, 8.0, Fedora 31, 32, Ubuntu Linux 14.04, 16.04, 18.04, 19.10, 20.04

🔴Vulnerability Details

4
GHSA
GHSA-3cg7-p7mp-2hcx: Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure2022-05-24
OSV
intel-microcode regression2020-06-10
OSV
intel-microcode vulnerabilities2020-06-09
OSV
CVE-2020-0549: Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure2020-01-28

📋Vendor Advisories

4
Ubuntu
Intel Microcode regression2020-06-10
Ubuntu
Intel Microcode vulnerabilities2020-06-09
Red Hat
hw: L1D Cache Eviction Sampling2020-01-27
Debian
CVE-2020-0549: intel-microcode - Cleanup errors in some data cache evictions for some Intel(R) Processors may all...2020

📄Research Papers

1
arXiv
CacheOut: Leaking Data on Intel CPUs via Cache Evictions2020-06-23

💬Community

2
Bugzilla
CVE-2020-0549 microcode_ctl: hw: L1D Cache Eviction Sampling [fedora-all]2020-01-27
Bugzilla
CVE-2020-0549 hw: L1D Cache Eviction Sampling2020-01-08