Mar 12, 2020
LVI vulnerability

Yesterday (March 10th 2020) a new vulnerability in the Intel CPU's has been made
public. This vulnerability has been registered with identification number
CVE-2020-0551 and is internally registered in call 177322. This vulnerability is
similar to the Spectre and Meltdown vulnerabilities that were made public on
January 4th 2018. Like in the other vulnerabilities this vulnerability makes it
possible to retrieve sensitive information from the system by using the CPU and
memory components.

Though the exploitation of this vulnerability is quite difficult and local
server access is needed, the general opinion is this vulnerability can only be
exploited by state actors. Based on all of this Intel has decided to rate this
vulnerability as 'medium' (CVSS Score 5.6). Currently (March 11th 2020) there is
no fix available unfortunately. MCX is being actively informed through various
sources on the Internet. When a patch becomes available that solves this problem
MCX will contact the impacted customers.

If you have additional questions please call us at +31 55 5260670 and ask for
our Security Officer.

Help us share this
Share Share Share Share Share