From 718bc634707f669dfa6c61b4373a4a25b1a5e447 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 8 Jun 2020 23:17:18 +0100 Subject: dsa-texts: Improve description of CVE-2020-0543 (SRBDS) * The vulnerability is in Intel CPUs, not anywhere else in the system * The speculative execution could be on other cores or (so far as I can see) on the same core * The information leakage depends on the application, so say 'such as' instead of 'including' --- dsa-texts/4.9.210-1+deb9u1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'dsa-texts/4.9.210-1+deb9u1') diff --git a/dsa-texts/4.9.210-1+deb9u1 b/dsa-texts/4.9.210-1+deb9u1 index 5bed4cbb..9d54a61a 100644 --- a/dsa-texts/4.9.210-1+deb9u1 +++ b/dsa-texts/4.9.210-1+deb9u1 @@ -72,13 +72,13 @@ CVE-2019-20811 CVE-2020-0543 - Researchers at VU Amsterdam discovered that on some Intel x86 - systems supporting the RDRAND and RDSEED instructions, speculative - execution may use part of a random value that was previously - generated for use on another core. Depending on how these - instructions are used by applications, a local user or VM guest - could use this to obtain sensitive information including - cryptographic keys from other users or VMs. + Researchers at VU Amsterdam discovered that on some Intel CPUs + supporting the RDRAND and RDSEED instructions, part of a random + value generated by these instructions may be used in a later + speculative execution on any core of the same physical CPU. + Depending on how these instructions are used by applications, a + local user or VM guest could use this to obtain sensitive + information such as cryptographic keys from other users or VMs. This vulnerability can be mitigated by a microcode update, either as part of system firmware (BIOS) or through the intel-microcode -- cgit v1.2.3
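Review bot: In the rewritten CVE-2020-0543 paragraph, the added sentence "may be used in a later speculative execution on any core of the same physical CPU" does not say whose speculative execution is meant, so the link to the next sentence about a local user or VM guest is left implicit. Wording such as "may be exposed to a later speculative execution by another user or VM" would state that the value crosses a security boundary. "physical CPU" is also ambiguous next to "core"; "CPU package" or "socket" would make the scope clearer. Finally, the commit message hedges the same-core case with "so far as I can see" while the advisory text asserts "any core" without qualification; citing a source for the same-core case in the commit message would justify the stronger wording.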