New
#1
Hi,
The Intel gift that keeps on giving.
Intel Processors Data Leakage Advisory
-
-
New #2
What should one do when the OEM hasn't patched 2019's vulnerabilities yet?
-
New #3
Hi,
I'd imagine windows updates will address the issues eventually.
-
New #4
-
New #5
Last Bios update for my Asus G11CD-K System was 7/20/2018 lol (for Kabylake) Will Keep Eye on there driver site every so often, and also Windows Update, all can do i suppose just wait patiently for updated Microcode lol.
Then have to watch HP's site for my HP Omen I7 7700HQ system as well lol
-
New #6
Hi,
Kind of a catch 22 deal depending on how one feels about drivers from MS updates
Driver updates should address this and other Intel micro code issues.
-
New #7
Unfortunately intel doesn't care about it's consumers as none of my intel core 2 duo e7500 processors will ever receive a patch.
I'll have to rely on the OS developers to produce security patches for the flawed processors intel knowingly produced and sold to consumers.
It's sad when a company as large as intel knowingly produces a flawed product and then doesn't stand behind the flawed product.
And I have no link to this however it was uncovered when the Meltdown / Spectre vulnerability was discovered.
No more intel products for this user unless free.
Yes I'm a grudge holder.
-
New #8
I have a i5-8265U CPU in my HP laptop. Nothing yet from HP. I wonder how long a fix will take from HP or MS?
-
-
New #9
I am fed up with Intel vulnerabilities every day. I should have got a Ryzen cpu.
Intel Processors Data Leakage Advisory
Last Updated: 30 Jan 2020 at 13:34
UPDATE 1/30: KB4497165 Intel microcode updates for Windows 10 1903 and 1909 Jan. 30
Intel ID: INTEL-SA-00329 Advisory Category: Hardware Impact of vulnerability: Information Disclosure Severity rating: MEDIUM Original release: 01/27/2020 Last revised: 01/27/2020
Summary:
Potential security vulnerabilities in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
Vulnerability Details:
CVEID: CVE-2020-0548
Description: Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 2.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
CVEID: CVE-2020-0549
Description: Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
A list of impacted products can be found here.
Recommendations:
Intel will release Intel® Processor microcode updates to our customers and partners as part of our regular Intel Platform Update (IPU) process.
Intel recommends that users of affected Intel® Processors check with their system manufacturers and system software vendors and update to the latest microcode update when available.
Additional technical details about these vulnerabilities can be found at:
L1D Eviction Sampling
Vector Register Sampling
Acknowledgements:
Intel would like to thank the following individuals for finding, reporting and coordinating these vulnerabilities to us.
Intel thanks TU Graz and KU Leuven for disclosure of CVE-2020-0549.
Graz University of Technology: Moritz Lipp, Michael Schwarz, Daniel Gruss.
KU Leuven: Jo Van Bulck.
Intel thanks VU Amsterdam, for disclosure of CVE-2020-0548 and CVE-2020-0549. VUSec group at VU Amsterdam: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida.
Researchers from TU Graz and Ku Leuven provided Intel with a Proof of Concept (POC) in May 2019 and researchers from VU Amsterdam provided Proof of Concept (POC) in October 2019. Intel subsequently confirmed each submission demonstrates CVE-2020-0549 individually.
Revision History
Revision Date Description 1.0 01/27/2020 Initial Release
Source: https://www.intel.com/content/www/us...-sa-00329.html
See also:
Quote
Related Discussions
