CVE-2020-0549

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Weakness

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software

Name	Vendor	Start Version	End Version
Core_i7-8700b_firmware	Intel	- (including)	- (including)
Red Hat Enterprise Linux 6	RedHat	microcode_ctl-2:1.17-33.26.el6_10	*
Red Hat Enterprise Linux 6.5 Advanced Update Support	RedHat	microcode_ctl-2:1.17-17.31.el6_5	*
Red Hat Enterprise Linux 6.6 Advanced Update Support	RedHat	microcode_ctl-2:1.17-19.29.el6_6	*
Red Hat Enterprise Linux 7	RedHat	microcode_ctl-2:2.1-61.6.el7_8	*
Red Hat Enterprise Linux 7	RedHat	microcode_ctl-2:2.1-73.11.el7_9	*
Red Hat Enterprise Linux 7.2 Advanced Update Support	RedHat	microcode_ctl-2:2.1-12.30.el7_2	*
Red Hat Enterprise Linux 7.2 Advanced Update Support	RedHat	microcode_ctl-2:2.1-12.39.el7_2	*
Red Hat Enterprise Linux 7.3 Advanced Update Support	RedHat	microcode_ctl-2:2.1-16.33.el7_3	*
Red Hat Enterprise Linux 7.3 Advanced Update Support	RedHat	microcode_ctl-2:2.1-16.42.el7_3	*
Red Hat Enterprise Linux 7.3 Telco Extended Update Support	RedHat	microcode_ctl-2:2.1-16.33.el7_3	*
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions	RedHat	microcode_ctl-2:2.1-16.33.el7_3	*
Red Hat Enterprise Linux 7.4 Advanced Update Support	RedHat	microcode_ctl-2:2.1-22.32.el7_4	*
Red Hat Enterprise Linux 7.4 Advanced Update Support	RedHat	microcode_ctl-2:2.1-22.41.el7_4	*
Red Hat Enterprise Linux 7.4 Telco Extended Update Support	RedHat	microcode_ctl-2:2.1-22.32.el7_4	*
Red Hat Enterprise Linux 7.4 Telco Extended Update Support	RedHat	microcode_ctl-2:2.1-22.41.el7_4	*
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions	RedHat	microcode_ctl-2:2.1-22.32.el7_4	*
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions	RedHat	microcode_ctl-2:2.1-22.41.el7_4	*
Red Hat Enterprise Linux 7.6 Advanced Update Support	RedHat	microcode_ctl-2:2.1-47.23.el7_6	*
Red Hat Enterprise Linux 7.6 Extended Update Support	RedHat	microcode_ctl-2:2.1-47.14.el7_6	*
Red Hat Enterprise Linux 7.6 Telco Extended Update Support	RedHat	microcode_ctl-2:2.1-47.23.el7_6	*
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions	RedHat	microcode_ctl-2:2.1-47.23.el7_6	*
Red Hat Enterprise Linux 7.7 Extended Update Support	RedHat	microcode_ctl-2:2.1-53.9.el7_7	*
Red Hat Enterprise Linux 7.7 Extended Update Support	RedHat	microcode_ctl-2:2.1-53.18.el7_7	*
Red Hat Enterprise Linux 8	RedHat	microcode_ctl-4:20191115-4.20200602.2.el8_2	*
Red Hat Enterprise Linux 8	RedHat	microcode_ctl-4:20210216-1.20210608.1.el8_4	*
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions	RedHat	microcode_ctl-4:20180807a-2.20200609.1.el8_0	*
Red Hat Enterprise Linux 8.1 Extended Update Support	RedHat	microcode_ctl-4:20190618-1.20200609.1.el8_1	*
Red Hat Enterprise Linux 8.1 Extended Update Support	RedHat	microcode_ctl-4:20190618-1.20210608.1.el8_1	*
Red Hat Enterprise Linux 8.2 Extended Update Support	RedHat	microcode_ctl-4:20191115-4.20210608.1.el8_2	*
Intel-microcode	Ubuntu	bionic	*
Intel-microcode	Ubuntu	devel	*
Intel-microcode	Ubuntu	disco	*
Intel-microcode	Ubuntu	eoan	*
Intel-microcode	Ubuntu	focal	*
Intel-microcode	Ubuntu	groovy	*
Intel-microcode	Ubuntu	trusty	*
Intel-microcode	Ubuntu	trusty/esm	*
Intel-microcode	Ubuntu	upstream	*
Intel-microcode	Ubuntu	xenial	*

Potential Mitigations

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-0549
CWE	https://cwe.mitre.org/data/definitions/404.html

Improper Resource Shutdown or Release

Weakness

Affected Software

Potential Mitigations

References

CVE-2020-0549

Improper Resource Shutdown or Release

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References