Attacker Value

Low

(1 user assessed)

Exploitability

Moderate

(1 user assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

1

CVE-2020-0543 CROSSTALK

Disclosure Date: June 15, 2020 •

CVE-2020-0543 CVSS v3 Base Score: 5.5

Description

Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

Add Assessment

1

busterb (317)

June 15, 2020 8:18pm UTC (4 years ago)•

Ratings

Attacker Value

Low

Exploitability

Medium

Common in enterprise Easy to weaponize Vulnerable in default configuration

Technical Analysis

This continues to bury SGX as an actual security mechanism users should be interested in. For leaking keys where you have local access, this is useful for Intel CPUs manufactured in the last 5 years. For general purpose exploitation though, this is less likely to be useful, and the overall risk of using this mechanism still leaves many developers who might use this feature suspicious as they ever were.

The huge performance degradation of RDRAND also isn’t great, though the real problem is for virtual hosting providers where a malicious process or VM can kill overall memory bus performance. https://www.phoronix.com/scan.php?page=news_item&px=RdRand-3-Percent

There are some funny secret-squirrel uses here for the mitigation, as it enables a totally different side-channel problem, but nothing you’d likely see more as a novelty: https://twitter.com/Kryptoblog/status/1270601775184334849

Log in to Add Reply

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Products

Intel(R) Processors

References

Canonical

CVE-2020-0543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543)

Advisory

USN-4385-1 (https://usn.ubuntu.com/4385-1)

USN-4388-1 (https://usn.ubuntu.com/4388-1)

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html

USN-4392-1 (https://usn.ubuntu.com/4392-1)

USN-4393-1 (https://usn.ubuntu.com/4393-1)

USN-4389-1 (https://usn.ubuntu.com/4389-1)

USN-4387-1 (https://usn.ubuntu.com/4387-1)

FEDORA-2020-3364913ace (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQZMOSHLTBBIECENNXA6M7DN5FEED4KI)

FEDORA-2020-e8835a5f8e (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y)

USN-4390-1 (https://usn.ubuntu.com/4390-1)

USN-4391-1 (https://usn.ubuntu.com/4391-1)

FEDORA-2020-11ddbfbdf0 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ)

[oss-security] 20200714 Flatcar membership on the linux-distros list (http://www.openwall.com/lists/oss-security/2020/07/14/5)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html

USN-4385-1 (https://usn.ubuntu.com/4385-1/)

USN-4388-1 (https://usn.ubuntu.com/4388-1/)

USN-4392-1 (https://usn.ubuntu.com/4392-1/)

USN-4393-1 (https://usn.ubuntu.com/4393-1/)

USN-4389-1 (https://usn.ubuntu.com/4389-1/)

USN-4387-1 (https://usn.ubuntu.com/4387-1/)

FEDORA-2020-3364913ace (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQZMOSHLTBBIECENNXA6M7DN5FEED4KI/)

FEDORA-2020-e8835a5f8e (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/)

USN-4390-1 (https://usn.ubuntu.com/4390-1/)

USN-4391-1 (https://usn.ubuntu.com/4391-1/)

FEDORA-2020-11ddbfbdf0 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/)

https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf

https://kc.mcafee.com/corporate/index?page=content&id=SB10318

FEDORA-2020-1afbe7ba2d (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ/)

Miscellaneous

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html

Rapid7

Technical Analysis