Intel announced two vulnerabilities affecting many processors with CVSS base score of 2.8 and 6.5 that will be patched soon.
Intel has officially announced two new vulnerabilities with CVEIDs CVE-2020-0548 and CVE-2020-5049. CVSS scores of the vulnerabilities are 2.8 and 6.5. The vulnerability with the lower CVSS score is described as: Cleanup errors in some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access. The 2nd vulnerability is described as: Cleanup errors in some data cache evictions for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
Updates are not yet available
Intel urged users to update their systems as soon as updates are released. Intel tried to fix these vulnerabilities before but the patch released in May has failed. Intel has also published a list of processors affected by the L1D eviction sampling issue. Intel also thanks Moritz Lipp, Michael Schwarz, Daniel Gruss from Graz University of Technology, Jo Van Bulck from KU Leuven, and Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from VUSec group at VU Amsterdam.
See more Cyber Security News