We do often include affiliate links to earn us some pennies. See more here.

Intel are not having a good time lately are they? More vulnerabilities in their CPUs have been made public.

How many is that Intel have had recently that affect them? Quite a lot. This time, it appears AMD are not affected at least. Still, this is a lot of major security problems to go through with Spectre and Meltdown, Foreshadow and ZombieLoad. Currently, Intel are saying that they're "not aware of any use of these issues outside of a controlled lab environment" so you don't need to go and panic just yet. Just keep an eye on updates for your distribution and motherboard BIOS updates.

Here's they two they're now talking about:

CVE-2020-0548 is an information disclosure vulnerability with a CVSS score of 2.8, low, referred to as Vector Register Sampling. This issue is rated “low” as the user would first need to be authenticated on the target system, the high complexity of an attack, and low confidence in the attacker’s ability to target and retrieve relevant data.

CVE-2020-0549 is also an information disclosure vulnerability requiring authenticated local access. The CVSS score is 6.5, medium. Referred to as L1D Eviction Sampling, the severity score is higher on this one because the attack complexity is lower and the ability to target specific data higher. This vulnerability has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations.

If you have an Intel CPU made before Q4 2018, you're likely affected. CVE-2020-0549, which is also being called CacheOut which has a dedicated website mentions that "Intel inadvertently managed to partially mitigate this issue while addressing a previous issue".

You can see Intel's official post on it here.

Article taken from GamingOnLinux.com.
20 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
The comments on this article are closed.
37 comments
Page: 1/4»
  Go to:

NeoTheFox Jan 28, 2020
RESET THE COUNTER
Spoiler, click me


Last edited by NeoTheFox on 28 January 2020 at 12:47 pm UTC
Eike Jan 28, 2020
View PC info
  • Supporter Plus
After a little scare, I realized...
No Intel anymore for two weeks now. :)

(I guess all CPUs have their share, though.)


Last edited by Eike on 28 January 2020 at 12:44 pm UTC
gojul Jan 28, 2020
My next PC in several years from now will be AMD-based.

However this issue only affects Skylake-based CPUs, and I have Haswell on which TSX is disabled.
sub Jan 28, 2020
Quoting: gojulMy next PC in several years from now will be AMD-based.

However this issue only affects Skylake-based CPUs, and I have Haswell on which TSX is disabled.

Intel will probably disable TSX on newer CPUs which apparently became a good tradition by now.

https://twitter.com/rygorous/status/1221918506012368896


Last edited by sub on 28 January 2020 at 12:50 pm UTC
beko Jan 28, 2020
Well, the feature list for my recent Coffee-Lake is also impressive already:

  • cpu_meltdown

  • spectre_v1

  • spectre_v2

  • spec_store_bypass

  • l1tf

  • mds

  • swapgs

  • taa

  • itlb_multihit
Cloversheen Jan 28, 2020
Not amazing news for sure, but a big plus for the headline, it made me laugh more than it probably should have.

Guess it is time to read up on it in order to advice friends and acquaintances who are overly susceptible to scare-mongering.
coeseta Jan 28, 2020
Good thing I switched to a Ryzen 7 3700X last week :)

Still have a laptop with an Intel i5-3570 though.
Ehvis Jan 28, 2020
View PC info
  • Supporter Plus
The vulnerabilities get a surprising amount of press compared to the risk they pose for the average person. I know just enough to realise that there is no reason to worry about these issues for any of my use cases and they I can even safely turn off all the mitigations. It does make me wonder how many people actually think that their computer might get hacked from these problems.
Eike Jan 28, 2020
View PC info
  • Supporter Plus
Quoting: EhvisThe vulnerabilities get a surprising amount of press compared to the risk they pose for the average person. I know just enough to realise that there is no reason to worry about these issues for any of my use cases and they I can even safely turn off all the mitigations. It does make me wonder how many people actually think that their computer might get hacked from these problems.

Yes, there are bigger risks with actual exploits in the wild, but to the best of my understanding, some of those "modern" problems (Spectre and following) do impose risks e.g. on browser processes as well. Still they are very interesting theoretically, but not so much in practice. In real world, the biggest security problem is sitting between keyboard and chair.
SirLootALot Jan 28, 2020
Quoting: EhvisThe vulnerabilities get a surprising amount of press compared to the risk they pose for the average person. I know just enough to realise that there is no reason to worry about these issues for any of my use cases and they I can even safely turn off all the mitigations. It does make me wonder how many people actually think that their computer might get hacked from these problems.

If a carmanufacturer had a malfunctioning car alarmsystem or doorlocking mechanism it would probably get similar coverage even though most people would still be able to park their cars on public roads.
Not sure if this is even that much coverage.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.