发布时间:2020-02-09 22:38:09,来源:中国信息通信研究院
Intel处理器存在信息泄露漏洞,CVE编号:CVE-2020-0549。该漏洞可允许在一组特定的复杂条件下推断L1数据缓存(L1D)中某些修改后的高速缓存行中的数据值,导致信息泄露。
Intel将该漏洞称为L1D Eviction Sampling。某些微体系结构的某些处理器上,最近清除的修改过的L1D高速缓存行可能会传播到未使用的(无效的)L1D填充缓冲区中。在受microarchitecture Data Samping(MDS)或Transactional Asynchronous Abort(TAA)影响的处理器上,可以使用这些侧信道方法之一推断来自L1D填充缓冲区的数据。结合这两个漏洞,攻击者就有可能从修改过的高速缓存行中推断出数据值,这些数据值是之前被L1D删除的。
Intel已经确认该漏洞影响下列产品:
Family_Model | Stepping | Processor family/Processor number series | Affected |
06_55H | <=7 | First/Second generation Intel® Xeon® Processor Scalable Family based on Skylake/Cascade Lake microarchitecture ™ | Yes |
06_4EH, 06_5EH | All | 6th generation Intel® Core™ processors and Intel® Xeon® processor E3-1500m v5 product family and E3- 1200 v5 product family based on Skylake microarchitecture | Yes |
06_8EH | <=A | 7th/8th generation Intel® Core™ processors based on Kaby/Coffee Lake microarchitecture | Yes |
06_9EH | <=B | 7th/8th generation Intel® Core™ processors based on Kaby/Coffee Lake microarchitecture | Yes |
06_9EH | 0xC | Coffee Lake | Yes |
06_8EH | 0xB | 8th generation Intel® Core™ processors based on Whiskey Lake(ULT) | Yes |
06_8EH | 0xC | Whiskey Lake (ULT refresh) | Yes |
06_9EH | 0xD | Whiskey Lake (Desktop) | Yes |
06_8EH | C | 10th Generation Intel® Core™ processors based on Amber Lake Y | Yes |
四、 处置建议
Intel将向客户和合作伙伴发布Intel®处理器微代码更新,建议受影响的Intel®处理器的用户关注厂商通知并及时进行微代码更新。
1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0549
2) https://nvd.nist.gov/vuln/detail/CVE-2020-0549