Name | CVE-2020-0551 |
Description | Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
https://xenbits.xen.org/xsa/advisory-315.html
https://lviattack.eu/
No mitigation will provided by this issue in software, primarily impacts Intel SGX
binutils/toolchain updates will include a patch that optionally emits lfence
instructions in problematic situations (but have performance impact), cf.
https://sourceware.org/pipermail/binutils/2020-March/110175.html