{"id":"USN-4385-1","summary":"intel-microcode vulnerabilities","details":"It was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY\nread operations on Intel client and Xeon E3 processors may be briefly\nexposed to processes on the same or different processor cores. A local\nattacker could use this to expose sensitive information. (CVE-2020-0543)\n\nIt was discovered that on some Intel processors, partial data values\npreviously read from a vector register on a physical core may be propagated\ninto unused portions of the store buffer. A local attacker could possible\nuse this to expose sensitive information. (CVE-2020-0548)\n\nIt was discovered that on some Intel processors, data from the most\nrecently evicted modified L1 data cache (L1D) line may be propagated into\nan unused (invalid) L1D fill buffer. A local attacker could possibly use\nthis to expose sensitive information. (CVE-2020-0549)\n","modified":"2026-02-10T04:41:50Z","published":"2020-06-09T18:42:32Z","related":["UBUNTU-CVE-2020-0543","UBUNTU-CVE-2020-0548","UBUNTU-CVE-2020-0549"],"upstream":["CVE-2020-0543","CVE-2020-0548","CVE-2020-0549","UBUNTU-CVE-2020-0543","UBUNTU-CVE-2020-0548","UBUNTU-CVE-2020-0549"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4385-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-0543"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-0548"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-0549"}],"affected":[{"package":{"name":"intel-microcode","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/intel-microcode@3.20200609.0ubuntu0.14.04.0?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20200609.0ubuntu0.14.04.0"}]}],"versions":["1.20130906.1ubuntu2","1.20130906.1ubuntu3","2.20140122.1","2.20140430.1ubuntu1","2.20140624-t-1ubuntu2","3.20180108.0~ubuntu14.04.2","3.20180108.0+really20170707ubuntu14.04.1","3.20180312.0~ubuntu14.04.1","3.20180425.1~ubuntu0.14.04.1","3.20180425.1~ubuntu0.14.04.2","3.20180807a.0ubuntu0.14.04.1","3.20190514.0ubuntu0.14.04.1","3.20190514.0ubuntu0.14.04.2","3.20190618.0ubuntu0.14.04.1","3.20191112-0ubuntu0.14.04.2","3.20191115.1ubuntu0.14.04.1","3.20191115.1ubuntu0.14.04.2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"3.20200609.0ubuntu0.14.04.0","binary_name":"intel-microcode"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0543"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0548"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0549"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4385-1.json"}},{"package":{"name":"intel-microcode","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/intel-microcode@3.20200609.0ubuntu0.16.04.0?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20200609.0ubuntu0.16.04.0"}]}],"versions":["3.20150121.1","3.20151106.1","3.20170707.1~ubuntu16.04.0","3.20180108.0~ubuntu16.04.2","3.20180108.0+really20170707ubuntu16.04.1","3.20180312.0~ubuntu16.04.1","3.20180425.1~ubuntu0.16.04.1","3.20180425.1~ubuntu0.16.04.2","3.20180807a.0ubuntu0.16.04.1","3.20190514.0ubuntu0.16.04.1","3.20190514.0ubuntu0.16.04.2","3.20190618.0ubuntu0.16.04.1","3.20191112-0ubuntu0.16.04.2","3.20191115.1ubuntu0.16.04.1","3.20191115.1ubuntu0.16.04.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.20200609.0ubuntu0.16.04.0","binary_name":"intel-microcode"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0543"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0548"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0549"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4385-1.json"}},{"package":{"name":"intel-microcode","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/intel-microcode@3.20200609.0ubuntu0.18.04.0?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20200609.0ubuntu0.18.04.0"}]}],"versions":["3.20170707.1","3.20171117.1","3.20180108.1","3.20180108.1+really20171117.1","3.20180312.0~ubuntu18.04.1","3.20180425.1~ubuntu0.18.04.1","3.20180425.1~ubuntu0.18.04.2","3.20180807a.0ubuntu0.18.04.1","3.20190514.0ubuntu0.18.04.2","3.20190514.0ubuntu0.18.04.3","3.20190618.0ubuntu0.18.04.1","3.20191112-0ubuntu0.18.04.2","3.20191115.1ubuntu0.18.04.1","3.20191115.1ubuntu0.18.04.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.20200609.0ubuntu0.18.04.0","binary_name":"intel-microcode"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0543"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0548"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0549"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4385-1.json"}},{"package":{"name":"intel-microcode","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/intel-microcode@3.20200609.0ubuntu0.20.04.0?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20200609.0ubuntu0.20.04.0"}]}],"versions":["3.20190918.1ubuntu1","3.20191115.1ubuntu1","3.20191115.1ubuntu2","3.20191115.1ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.20200609.0ubuntu0.20.04.0","binary_name":"intel-microcode"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0543"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0548"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0549"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4385-1.json"}}],"schema_version":"1.7.3"}