Attacker Value
Low
1

CVE-2020-0543 CROSSTALK

Disclosure Date: June 15, 2020

Exploitability

(1 user assessed) Moderate
Attack Vector
Local
Privileges Required
Low
User Interaction
None

Description

Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

Add Assessment

1
Ratings
Technical Analysis

This continues to bury SGX as an actual security mechanism users should be interested in. For leaking keys where you have local access, this is useful for Intel CPUs manufactured in the last 5 years. For general purpose exploitation though, this is less likely to be useful, and the overall risk of using this mechanism still leaves many developers who might use this feature suspicious as they ever were.

The huge performance degradation of RDRAND also isn’t great, though the real problem is for virtual hosting providers where a malicious process or VM can kill overall memory bus performance. https://www.phoronix.com/scan.php?page=news_item&px=RdRand-3-Percent

There are some funny secret-squirrel uses here for the mitigation, as it enables a totally different side-channel problem, but nothing you’d likely see more as a novelty: https://twitter.com/Kryptoblog/status/1270601775184334849

Technical Analysis