Intel Processors Data Leakage Advisory

Page 1 of 5 123 ... LastLast
    Intel Processors Data Leakage Advisory

    Intel Processors Data Leakage Advisory


    Last Updated: 30 Jan 2020 at 12:34
    UPDATE 1/30: KB4497165 Intel microcode updates for Windows 10 1903 and 1909 Jan. 30


    Intel ID: INTEL-SA-00329
    Advisory Category: Hardware
    Impact of vulnerability: Information Disclosure
    Severity rating: MEDIUM
    Original release: 01/27/2020
    Last revised: 01/27/2020

    Summary:

    Potential security vulnerabilities in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

    Vulnerability Details:

    CVEID: CVE-2020-0548
    Description: Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
    CVSS Base Score: 2.8 Low
    CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

    CVEID: CVE-2020-0549
    Description: Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
    CVSS Base Score: 6.5 Medium
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

    Affected Products:

    A list of impacted products can be found here.

    Recommendations:

    Intel will release Intel® Processor microcode updates to our customers and partners as part of our regular Intel Platform Update (IPU) process.

    Intel recommends that users of affected Intel® Processors check with their system manufacturers and system software vendors and update to the latest microcode update when available.

    Additional technical details about these vulnerabilities can be found at:
    L1D Eviction Sampling
    Vector Register Sampling

    Acknowledgements:

    Intel would like to thank the following individuals for finding, reporting and coordinating these vulnerabilities to us.

    Intel thanks TU Graz and KU Leuven for disclosure of CVE-2020-0549.

    Graz University of Technology: Moritz Lipp, Michael Schwarz, Daniel Gruss.

    KU Leuven: Jo Van Bulck.

    Intel thanks VU Amsterdam, for disclosure of CVE-2020-0548 and CVE-2020-0549. VUSec group at VU Amsterdam: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida.

    Researchers from TU Graz and Ku Leuven provided Intel with a Proof of Concept (POC) in May 2019 and researchers from VU Amsterdam provided Proof of Concept (POC) in October 2019. Intel subsequently confirmed each submission demonstrates CVE-2020-0549 individually.

    Revision History

    Revision Date Description
    1.0 01/27/2020 Initial Release

    Source: https://www.intel.com/content/www/us...-sa-00329.html

    See also:
    Brink's Avatar Posted By: Brink
    28 Jan 2020

  1. ThrashZone's Avatar
    Posts : 7,108
    3-Win-7Prox64 2-Win10Prox64
       #1

    Hi,
    The Intel gift that keeps on giving.
      My Computers

  2. RK1997's Avatar
    Posts : 469
    Windows 10 Pro 20H2 x64
       #2

    What should one do when the OEM hasn't patched 2019's vulnerabilities yet?
      My Computers

  3. ThrashZone's Avatar
    Posts : 7,108
    3-Win-7Prox64 2-Win10Prox64
       #3

    Hi,
    I'd imagine windows updates will address the issues eventually.
      My Computers

  4. RK1997's Avatar
    Posts : 469
    Windows 10 Pro 20H2 x64
       #4

    ThrashZone said:
    Hi,
    I'd imagine windows updates will address the issues eventually.
    Haven't got a firmware update since March, 2019 either through OEM or Windows Update.
      My Computers


  5. Posts : 1,323
    Windows 10 Pro 64bit 20H2 19042.844
       #5

    Last Bios update for my Asus G11CD-K System was 7/20/2018 lol (for Kabylake) Will Keep Eye on there driver site every so often, and also Windows Update, all can do i suppose just wait patiently for updated Microcode lol.

    Then have to watch HP's site for my HP Omen I7 7700HQ system as well lol
      My Computers

  6. ThrashZone's Avatar
    Posts : 7,108
    3-Win-7Prox64 2-Win10Prox64
       #6

    Hi,
    Kind of a catch 22 deal depending on how one feels about drivers from MS updates
    Driver updates should address this and other Intel micro code issues.
      My Computers

  7. 151tom's Avatar
    Posts : 21
    Windows 10 Pro (64bit) & Linux (64bit)
       #7

    Unfortunately intel doesn't care about it's consumers as none of my intel core 2 duo e7500 processors will ever receive a patch.

    I'll have to rely on the OS developers to produce security patches for the flawed processors intel knowingly produced and sold to consumers.

    It's sad when a company as large as intel knowingly produces a flawed product and then doesn't stand behind the flawed product.

    And I have no link to this however it was uncovered when the Meltdown / Spectre vulnerability was discovered.

    No more intel products for this user unless free.

    Yes I'm a grudge holder.
      My Computer

  8. Steve C's Avatar
    Posts : 6,290
    Windows 10 Pro 64 bit
       #8

    I have a i5-8265U CPU in my HP laptop. Nothing yet from HP. I wonder how long a fix will take from HP or MS?
      My Computers

  9. eLPuSHeR's Avatar
    Posts : 2,448
    Windows 10 Home x64
       #9

    I am fed up with Intel vulnerabilities every day. I should have got a Ryzen cpu.
      My Computer


 
Page 1 of 5 123 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 14:43.
Find Us




Windows 10 Forums