Bug 1788786 (CVE-2020-0548) - CVE-2020-0548 hw: Vector Register Data Sampling
Summary: CVE-2020-0548 hw: Vector Register Data Sampling
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-0548
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1795352 1795354 1795348 1795353
Blocks: 1790307
TreeView+ depends on / blocked
 
Reported: 2020-01-08 05:43 UTC by Wade Mealing
Modified: 2020-07-07 10:19 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.
Clone Of:
Environment:
Last Closed: 2020-06-09 23:20:26 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:2431 None None None 2020-06-09 18:12:47 UTC
Red Hat Product Errata RHSA-2020:2432 None None None 2020-06-09 22:57:51 UTC
Red Hat Product Errata RHSA-2020:2433 None None None 2020-06-09 19:23:15 UTC
Red Hat Product Errata RHSA-2020:2677 None None None 2020-06-23 13:11:46 UTC
Red Hat Product Errata RHSA-2020:2679 None None None 2020-06-23 13:46:24 UTC
Red Hat Product Errata RHSA-2020:2680 None None None 2020-06-23 13:52:30 UTC
Red Hat Product Errata RHSA-2020:2706 None None None 2020-06-23 15:36:50 UTC
Red Hat Product Errata RHSA-2020:2707 None None None 2020-06-23 15:36:16 UTC
Red Hat Product Errata RHSA-2020:2757 None None None 2020-06-29 07:46:40 UTC
Red Hat Product Errata RHSA-2020:2758 None None None 2020-06-29 08:11:02 UTC
Red Hat Product Errata RHSA-2020:2771 None None None 2020-06-30 12:11:29 UTC
Red Hat Product Errata RHSA-2020:2842 None None None 2020-07-07 10:19:01 UTC

Description Wade Mealing 2020-01-08 05:43:51 UTC
A flaw was found in the implementation of Intel processors where a local attacker may be able to enable to gain information about registers used for vector calculations by observing register state from other processes running on the system.

Reference:
----------
  -> https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling

Additional information:
-----------------------
  -> https://en.wikipedia.org/wiki/Vector_processor
  -> https://software.intel.com/en-us/articles/introduction-to-intel-advanced-vector-extensions

Comment 3 Prasad J Pandit 2020-01-27 18:22:18 UTC
Created microcode_ctl tracking bugs for this issue:

Affects: fedora-all [bug 1795348]

Comment 9 errata-xmlrpc 2020-06-09 18:12:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2431 https://access.redhat.com/errata/RHSA-2020:2431

Comment 10 errata-xmlrpc 2020-06-09 19:23:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:2433 https://access.redhat.com/errata/RHSA-2020:2433

Comment 11 errata-xmlrpc 2020-06-09 22:57:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2432 https://access.redhat.com/errata/RHSA-2020:2432

Comment 12 Product Security DevOps Team 2020-06-09 23:20:26 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-0548

Comment 13 errata-xmlrpc 2020-06-23 13:11:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2677 https://access.redhat.com/errata/RHSA-2020:2677

Comment 14 errata-xmlrpc 2020-06-23 13:46:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2020:2679 https://access.redhat.com/errata/RHSA-2020:2679

Comment 15 errata-xmlrpc 2020-06-23 13:52:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2020:2680 https://access.redhat.com/errata/RHSA-2020:2680

Comment 16 errata-xmlrpc 2020-06-23 15:36:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2020:2707 https://access.redhat.com/errata/RHSA-2020:2707

Comment 17 errata-xmlrpc 2020-06-23 15:36:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2020:2706 https://access.redhat.com/errata/RHSA-2020:2706

Comment 18 errata-xmlrpc 2020-06-29 07:46:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2757 https://access.redhat.com/errata/RHSA-2020:2757

Comment 19 errata-xmlrpc 2020-06-29 08:10:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:2758 https://access.redhat.com/errata/RHSA-2020:2758

Comment 20 errata-xmlrpc 2020-06-30 12:11:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:2771 https://access.redhat.com/errata/RHSA-2020:2771

Comment 21 errata-xmlrpc 2020-07-07 10:18:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:2842 https://access.redhat.com/errata/RHSA-2020:2842


Note You need to log in before you can comment on or make changes to this bug.