{
  "threat_severity" : "Moderate",
  "public_date" : "2020-03-10T00:00:00Z",
  "bugzilla" : {
    "description" : "hw: Load Value Injection",
    "id" : "1753463",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1753463"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-440->CWE-385",
  "details" : [ "Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html", "A flaw was found in Intel's microprocessors. Intel microprocessors contain an implementation weakness that allows for an 'inverse MDS' style attack to be performed during store operations (writes to memory) and are stuffed maliciously into microarchitectural buffers from which unsuspecting victim code will later (speculatively) execute them. This allows an attacker to control and steer (speculative) execution, possibly allowing them to exploit gadgets in existing code to leak sensitive data. The highest threat from this vulnerability is to data confidentiality." ],
  "statement" : "CVE-2020-0551 is the CVE assigned specifically to the hardware implementation leading to this flaw. Unlike the L1TF microarchitectural issue, no additional CVE have been assigned at this time to cover operating systems or vmm/hypervisor specific implementations.\nAs this CVE is a flaw in specific hardware, not the operating system kernel, and operating system mitigations are already applied, Red Hat does not list the Red Hat Enterprise Linux kernel package as “affected” by this CVE.\nThis does not imply that the flaw can not be exposed on systems running Red Hat Enterprise Linux on vulnerable hardware, only that the flaws exist in the hardware implementation and no additional changes are deemed necessary or practical to address this flaw at the software layer. \nExisting mitigations released in Red Hat Enterprise Linux in response to Spectre V1 (https://access.redhat.com/security/vulnerabilities/speculativeexecution), L1TF (https://access.redhat.com/security/vulnerabilities/L1TF) and MDS (https://access.redhat.com/security/vulnerabilities/mds) should already provide significant barrier against exploitation of this attack vector and no new mitigation is planned at this time.",
  "acknowledgement" : "Red Hat would like to thank Intel and industry partners for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-0551\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0551\nhttps://access.redhat.com/articles/load-value-injection-flaw\nhttps://software.intel.com/security-software-guidance/insights/deep-dive-introduction-speculative-execution-side-channel-methods\nhttps://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection\nhttps://software.intel.com/security-software-guidance/software-guidance" ],
  "csaw" : true,
  "name" : "CVE-2020-0551",
  "mitigation" : {
    "value" : "For hardware vulnerable to these attacks, there is no known mitigation other than to upgrade to hardware that is not vulnerable to this flaw.\nDue to the high level of difficulty of the attack, and the performance impact which would be associated with any potential mitigations, there are currently no microcode or software mitigations for this issue other than previously existing Spectre V1 and SMAP mitigations described above.\nRed Hat doesn't currently have knowledge of any real-world occurrences of this attack, so the risk of attack may be considered low. To further minimize the possibility of attacks related to this and other speculative issues, trusted and untrusted workloads can be isolated on separate systems.\nFor further details about potential mitigations, see Intel's LVI deep dive whitepaper (https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection).",
    "lang" : "en:us"
  }
}