Vulnerabilities > CVE-2020-0543 - Incomplete Cleanup vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4391-1.NASL description It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19319) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem last seen 2020-06-13 modified 2020-06-10 plugin id 137301 published 2020-06-10 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137301 title Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm vulnerabilities (USN-4391-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4701.NASL description This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for the Special Register Buffer Data Sampling (CVE-2020-0543 ), Vector Register Sampling (CVE-2020-0548 ) and L1D Eviction Sampling (CVE-2020-0549 ) hardware vulnerabilities. The microcode update for HEDT and Xeon CPUs with signature 0x50654 which was reverted in DSA 4565-2 is now included again with a fixed release. The upstream update for Skylake-U/Y (signature 0x406e3) had to be excluded from this update due to reported hangs on boot. For details refer to https://www.intel.com/content/www/us/en/security-center/advisory/intel -sa-00320.html, https://www.intel.com/content/www/us/en/security-center/advisory/intel -sa-00329.html last seen 2020-06-13 modified 2020-06-12 plugin id 137374 published 2020-06-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137374 title Debian DSA-4701-1 : intel-microcode - security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-5715.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s). last seen 2020-06-13 modified 2020-06-10 plugin id 137291 published 2020-06-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137291 title Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5715) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-2431.NASL description From Red Hat Security Advisory 2020:2431 : The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2431 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-13 modified 2020-06-12 plugin id 137385 published 2020-06-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137385 title Oracle Linux 8 : microcode_ctl (ELSA-2020-2431) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4385-1.NASL description It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) It was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possible use this to expose sensitive information. (CVE-2020-0548) It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2020-0549). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-13 modified 2020-06-10 plugin id 137295 published 2020-06-10 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137295 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : intel-microcode vulnerabilities (USN-4385-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4388-1.NASL description It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem last seen 2020-06-13 modified 2020-06-10 plugin id 137298 published 2020-06-10 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137298 title Ubuntu 18.04 LTS : linux-gke-5.0, linux-oem-osp1 vulnerabilities (USN-4388-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2432.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2432 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-12 modified 2020-06-10 plugin id 137313 published 2020-06-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137313 title RHEL 7 : microcode_ctl (RHSA-2020:2432) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-2433.NASL description The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2433 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-12 modified 2020-06-11 plugin id 137338 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137338 title CentOS 6 : microcode_ctl (CESA-2020:2433) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2433.NASL description The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2433 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-12 modified 2020-06-09 plugin id 137273 published 2020-06-09 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137273 title RHEL 6 : microcode_ctl (RHSA-2020:2433) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2431.NASL description The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2431 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-12 modified 2020-06-09 plugin id 137276 published 2020-06-09 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137276 title RHEL 8 : microcode_ctl (RHSA-2020:2431) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2241.NASL description This update is now available for all supported architectures. For reference the original advisory text follows. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8839 A race condition was found in the ext4 filesystem implementation. A local user could exploit this to cause a denial of service (filesystem corruption). CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613 Wen Xu from SSLab at Gatech reported that crafted Btrfs volumes could trigger a crash (Oops) and/or out-of-bounds memory access. An attacker able to mount such a volume could use this to cause a denial of service or possibly for privilege escalation. CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. CVE-2019-19447 It was discovered that the ext4 filesystem driver did not safely handle unlinking of an inode that, due to filesystem corruption, already has a link count of 0. An attacker able to mount arbitrary ext4 volumes could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2019-19768 Tristan Madani reported a race condition in the blktrace debug facility that could result in a use-after-free. A local user able to trigger removal of block devices could possibly use this to cause a denial of service (crash) or for privilege escalation. CVE-2019-20636 The syzbot tool found that the input subsystem did not fully validate keycode changes, which could result in a heap out-of-bounds write. A local user permitted to access the device node for an input or VT device could possibly use this to cause a denial of service (crash or memory corruption) or for privilege escalation. CVE-2020-0009 Jann Horn reported that the Android ashmem driver did not prevent read-only files from being memory-mapped and then remapped as read-write. However, Android drivers are not enabled in Debian kernel configurations. CVE-2020-0543 Researchers at VU Amsterdam discovered that on some Intel CPUs supporting the RDRAND and RDSEED instructions, part of a random value generated by these instructions may be used in a later speculative execution on any core of the same physical CPU. Depending on how these instructions are used by applications, a local user or VM guest could use this to obtain sensitive information such as cryptographic keys from other users or VMs. This vulnerability can be mitigated by a microcode update, either as part of system firmware (BIOS) or through the intel-microcode package in Debian last seen 2020-06-13 modified 2020-06-10 plugin id 137283 published 2020-06-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137283 title Debian DLA-2241-2 : linux security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2242.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. CVE-2019-19462 The syzbot tool found a missing error check in the last seen 2020-06-12 modified 2020-06-11 plugin id 137339 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137339 title Debian DLA-2242-1 : linux-4.9 security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-5714.NASL description Description of changes: [5.4.17-2011.3.2.1.el8uek] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/cpu: Add last seen 2020-06-13 modified 2020-06-10 plugin id 137290 published 2020-06-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137290 title Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5714) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4389-1.NASL description It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem last seen 2020-06-13 modified 2020-06-10 plugin id 137299 published 2020-06-10 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137299 title Ubuntu 20.04 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle (USN-4389-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-2432.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2432 advisory. - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: Vector Register Data Sampling (CVE-2020-0548) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-12 modified 2020-06-11 plugin id 137337 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137337 title CentOS 7 : microcode_ctl (CESA-2020:2432) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4390-1.NASL description It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem last seen 2020-06-13 modified 2020-06-10 plugin id 137300 published 2020-06-10 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137300 title Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, (USN-4390-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4387-1.NASL description It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. (CVE-2020-0543) Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12114) It was discovered that the USB susbsystem last seen 2020-06-13 modified 2020-06-10 plugin id 137297 published 2020-06-10 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137297 title Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-aws-5.3, linux-azure, linux-azure-5.3, linux-gcp, (USN-4387-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-791.NASL description This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for : - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or last seen 2020-06-12 modified 2020-06-11 plugin id 137351 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137351 title openSUSE Security Update : ucode-intel (openSUSE-2020-791) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4698.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. - CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. - CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. - CVE-2019-19462 The syzbot tool found a missing error check in the last seen 2020-06-12 modified 2020-06-11 plugin id 137340 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137340 title Debian DSA-4698-1 : linux - security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4699.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-3016 It was discovered that the KVM implementation for x86 did not always perform TLB flushes when needed, if the paravirtualised TLB flush feature was enabled. This could lead to disclosure of sensitive information within a guest VM. - CVE-2019-19462 The syzkaller tool found a missing error check in the last seen 2020-06-12 modified 2020-06-11 plugin id 137341 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137341 title Debian DSA-4699-1 : linux - security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4385-2.NASL description USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family (06_4EH) from booting successfully. Additonally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update reverts the microcode update for the Skylake processor family and disables the late loading option on Ubuntu 20.04 LTS. Please note that the last seen 2020-06-12 modified 2020-06-11 plugin id 137352 published 2020-06-11 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137352 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : intel-microcode regression (USN-4385-2) NASL family Scientific Linux Local Security Checks NASL id SL_20200610_MICROCODE_CTL_ON_SL6_X.NASL description Security Fix(es) : - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) - hw: Vector Register Data Sampling (CVE-2020-0548) last seen 2020-06-12 modified 2020-06-11 plugin id 137348 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137348 title Scientific Linux Security Update : microcode_ctl on SL6.x i386/x86_64 (20200610) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-5722.NASL description Description of changes: [4.1.12-124.39.5.1.el7uek] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352782] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/cpu: Add last seen 2020-06-13 modified 2020-06-12 plugin id 137388 published 2020-06-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137388 title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5722) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2020-163-01.NASL description New kernel packages are available for Slackware 14.2 to fix security issues. last seen 2020-06-13 modified 2020-06-12 plugin id 137391 published 2020-06-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137391 title Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01)
Redhat
| rpms |
|
The Hacker News
| id | THN:8841D27BD6D8D04E9583E7E0F20898D5 |
| last seen | 2020-06-10 |
| modified | 2020-06-10 |
| published | 2020-06-10 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html |
| title | Intel CPUs Vulnerable to New 'SGAxe' and 'CrossTalk' Side-Channel Attacks |
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html
- https://usn.ubuntu.com/4385-1/
- https://usn.ubuntu.com/4388-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html
- https://usn.ubuntu.com/4392-1/
- https://usn.ubuntu.com/4393-1/
- https://usn.ubuntu.com/4389-1/
- https://usn.ubuntu.com/4387-1/
- https://usn.ubuntu.com/4390-1/
- https://usn.ubuntu.com/4391-1/
- http://www.openwall.com/lists/oss-security/2020/07/14/5
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10318
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQZMOSHLTBBIECENNXA6M7DN5FEED4KI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ/