Attacker Value: Low (1 user assessed)
Exploitability: Moderate (1 user assessed)
User Interaction: None
Privileges Required: Low
Attack Vector: Local

CVE-2020-0543 CROSSTALK

Disclosure Date: June 15, 2020

Description

Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

Technical Analysis

This continues to bury SGX as an actual security mechanism users should be interested in. For leaking keys where you have local access, this is useful for Intel CPUs manufactured in the last 5 years. For general purpose exploitation though, this is less likely to be useful, and the overall risk of using this mechanism still leaves many developers who might use this feature as suspicious as they ever were.

The huge performance degradation of RDRAND also isn’t great, though the real problem is for virtual hosting providers where a malicious process or VM can kill overall memory bus performance. https://www.phoronix.com/scan.php?page=news_item&px=RdRand-3-Percent

There are some funny secret-squirrel uses here for the mitigation, as it enables a totally different side-channel problem, but nothing you'd likely see as more than a novelty: https://twitter.com/Kryptoblog/status/1270601775184334849
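The two practical questions a host owner has after reading the above are "is this box mitigated?" and "what did the mitigation cost me on RDRAND?". The checker below is an added example, written for this page; it is not code from AttackerKB, the assessor, or Intel. It assumes a Linux kernel that exposes the SRBDS status node at /sys/devices/system/cpu/vulnerabilities/srbds and an x86-64 build with GCC or Clang (the RDRAND timing uses inline assembly and the RDTSC intrinsic; on other architectures it reports the instruction as unsupported). The sample status strings in the comments are the ones the kernel writes to that node.

```c
/* Added example (not from the AttackerKB page or its assessor): a small
 * Linux/x86-64 checker for CVE-2020-0543 (SRBDS, "CROSSTALK").
 *   1. Reads the kernel's sysfs status node for SRBDS and classifies it.
 *   2. If RDRAND is available, measures its cost in TSC cycles per call,
 *      so the slowdown the microcode mitigation adds can be seen directly.
 * Assumes /sys/devices/system/cpu/vulnerabilities/srbds exists (kernels
 * carrying the SRBDS patches) and an x86-64 GCC/Clang toolchain. */
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__)
#include <cpuid.h>
#include <x86intrin.h>
#endif

enum srbds_status { SRBDS_UNKNOWN, SRBDS_NOT_AFFECTED, SRBDS_MITIGATED, SRBDS_VULNERABLE };

#define SRBDS_SYSFS "/sys/devices/system/cpu/vulnerabilities/srbds"

/* Map the kernel's status strings to a coarse verdict. The kernel emits
 * "Not affected", "Vulnerable", "Vulnerable: No microcode",
 * "Mitigation: Microcode", "Mitigation: TSX disabled" or
 * "Unknown: Dependent on hypervisor status". */
enum srbds_status classify_srbds(const char *text)
{
    if (text == NULL) return SRBDS_UNKNOWN;
    if (strncmp(text, "Not affected", 12) == 0) return SRBDS_NOT_AFFECTED;
    if (strncmp(text, "Mitigation:", 11) == 0)  return SRBDS_MITIGATED;
    if (strncmp(text, "Vulnerable", 10) == 0)   return SRBDS_VULNERABLE;
    return SRBDS_UNKNOWN;   /* "Unknown: ..." (guest VM) or an unrecognised line */
}

/* Read the sysfs node into buf; SRBDS_UNKNOWN if it is missing
 * (older kernel, non-x86, or a container that hides sysfs). */
enum srbds_status read_srbds_status(char *buf, size_t len)
{
    FILE *f = fopen(SRBDS_SYSFS, "r");
    if (f == NULL || fgets(buf, (int)len, f) == NULL) {
        if (f) fclose(f);
        buf[0] = '\0';
        return SRBDS_UNKNOWN;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return classify_srbds(buf);
}

/* CPUID.1:ECX bit 30 advertises RDRAND. */
int rdrand_supported(void)
{
#if defined(__x86_64__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return 0;
    return (int)((ecx >> 30) & 1u);
#else
    return 0;
#endif
}

/* Average TSC cycles per successful RDRAND over `iters` calls, or -1.0
 * when RDRAND is unavailable. The mitigation serialises RDRAND, so the
 * figure rises sharply on a mitigated CPU; compare it against the sysfs
 * verdict or an unmitigated host rather than reading it in isolation. */
double rdrand_cycles_per_call(unsigned long iters)
{
#if defined(__x86_64__)
    if (!rdrand_supported() || iters == 0) return -1.0;
    unsigned long long sink = 0, start, end;
    start = __rdtsc();
    for (unsigned long i = 0; i < iters; i++) {
        unsigned long long v;
        unsigned char ok;
        int retries = 10;
        do {  /* RDRAND may transiently clear CF; retry a few times as Intel advises */
            __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(v), "=qm"(ok) : : "cc");
        } while (!ok && --retries);
        if (!ok) return -1.0;
        sink ^= v;
    }
    end = __rdtsc();
    __asm__ volatile("" : : "r"(sink));  /* keep the loop from being optimised away */
    return (double)(end - start) / (double)iters;
#else
    (void)iters;
    return -1.0;
#endif
}

int main(void)
{
    static const char *names[] = { "unknown", "not affected", "mitigated", "vulnerable" };
    char buf[128];
    enum srbds_status st = read_srbds_status(buf, sizeof buf);
    printf("SRBDS sysfs: '%s' -> %s\n", buf, names[st]);
    printf("RDRAND cycles/call: %.1f\n", rdrand_cycles_per_call(100000));
    return 0;
}
```

Build with `gcc -O2 -o srbds_check srbds_check.c`; no `-mrdrnd` is needed because the instruction is emitted via inline assembly. Inside a guest the sysfs node typically reads "Unknown: Dependent on hypervisor status", which is exactly the virtual-hosting situation the assessment points at: the tenant cannot see whether the host microcode is mitigated, but the RDRAND timing still reflects it.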

CVSS V3 Severity and Metrics
Base Score: 5.5 Medium
Impact Score: 3.6
Exploitability Score: 1.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

General Information

Products

  • Intel(R) Processors
