{
  "threat_severity" : "Low",
  "public_date" : "2020-01-27T13:00:00Z",
  "bugzilla" : {
    "description" : "hw: Vector Register Data Sampling",
    "id" : "1788786",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
  },
  "cvss3" : {
    "cvss3_base_score" : "2.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-203->CWE-200",
  "details" : [ "Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-06-09T00:00:00Z",
    "advisory" : "RHSA-2020:2433",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "microcode_ctl-2:1.17-33.26.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.5 Advanced Update Support",
    "release_date" : "2020-06-23T00:00:00Z",
    "advisory" : "RHSA-2020:2707",
    "cpe" : "cpe:/o:redhat:rhel_aus:6.5",
    "package" : "microcode_ctl-2:1.17-17.31.el6_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.6 Advanced Update Support",
    "release_date" : "2020-06-23T00:00:00Z",
    "advisory" : "RHSA-2020:2706",
    "cpe" : "cpe:/o:redhat:rhel_aus:6.6",
    "package" : "microcode_ctl-2:1.17-19.29.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-06-10T00:00:00Z",
    "advisory" : "RHSA-2020:2432",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "microcode_ctl-2:2.1-61.6.el7_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-08-09T00:00:00Z",
    "advisory" : "RHSA-2021:3028",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "microcode_ctl-2:2.1-73.11.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2020-06-23T00:00:00Z",
    "advisory" : "RHSA-2020:2679",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "microcode_ctl-2:2.1-12.30.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3323",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "microcode_ctl-2:2.1-12.39.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2020-06-23T00:00:00Z",
    "advisory" : "RHSA-2020:2680",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "microcode_ctl-2:2.1-16.33.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3322",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "microcode_ctl-2:2.1-16.42.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Telco Extended Update Support",
    "release_date" : "2020-06-23T00:00:00Z",
    "advisory" : "RHSA-2020:2680",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.3",
    "package" : "microcode_ctl-2:2.1-16.33.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions",
    "release_date" : "2020-06-23T00:00:00Z",
    "advisory" : "RHSA-2020:2680",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.3",
    "package" : "microcode_ctl-2:2.1-16.33.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2020-06-30T00:00:00Z",
    "advisory" : "RHSA-2020:2771",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "microcode_ctl-2:2.1-22.32.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2021-08-24T00:00:00Z",
    "advisory" : "RHSA-2021:3255",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "microcode_ctl-2:2.1-22.41.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2020-06-30T00:00:00Z",
    "advisory" : "RHSA-2020:2771",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "microcode_ctl-2:2.1-22.32.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2021-08-24T00:00:00Z",
    "advisory" : "RHSA-2021:3255",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "microcode_ctl-2:2.1-22.41.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2020-06-30T00:00:00Z",
    "advisory" : "RHSA-2020:2771",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "microcode_ctl-2:2.1-22.32.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2021-08-24T00:00:00Z",
    "advisory" : "RHSA-2021:3255",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "microcode_ctl-2:2.1-22.41.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3317",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.6",
    "package" : "microcode_ctl-2:2.1-47.23.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-07-07T00:00:00Z",
    "advisory" : "RHSA-2020:2842",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "microcode_ctl-2:2.1-47.14.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3317",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.6",
    "package" : "microcode_ctl-2:2.1-47.23.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3317",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "microcode_ctl-2:2.1-47.23.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2020-06-29T00:00:00Z",
    "advisory" : "RHSA-2020:2758",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "microcode_ctl-2:2.1-53.9.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2021-08-10T00:00:00Z",
    "advisory" : "RHSA-2021:3029",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "microcode_ctl-2:2.1-53.18.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-06-09T00:00:00Z",
    "advisory" : "RHSA-2020:2431",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20191115-4.20200602.2.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-09T00:00:00Z",
    "advisory" : "RHSA-2021:3027",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20210216-1.20210608.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-06-29T00:00:00Z",
    "advisory" : "RHSA-2020:2757",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.0",
    "package" : "microcode_ctl-4:20180807a-2.20200609.1.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2020-06-23T00:00:00Z",
    "advisory" : "RHSA-2020:2677",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "microcode_ctl-4:20190618-1.20200609.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-08-17T00:00:00Z",
    "advisory" : "RHSA-2021:3176",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "microcode_ctl-4:20190618-1.20210608.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3364",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "microcode_ctl-4:20191115-4.20210608.1.el8_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-0548\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0548\nhttps://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling\nhttps://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/\nhttps://cacheoutattack.com/CacheOut.pdf\nhttps://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling" ],
  "name" : "CVE-2020-0548",
  "csaw" : false
}