Security Vulnerability - CVE-2020-0551 aka 'Load value Injection (LVI)'

This document (000019586) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 15

Situation

Security researchers have identified new variants of transient execution attacks in Intel CPUs, where loads of secret data could be exposed to attacker running code on the same CPU core.

The attack is called "Load Value Injection" or "Full Frontal".

Resolution

Mitigations to this attack are similar to the Spectre Variant 1, potentially affected places of source code need speculation barriers like "lfence" or index masking.

The existing mitigations in the Linux Kernel for Spectre Variant 1 already also cover various LVI gadgets.

SUSE will fix respective places in our code, as they are identified.

Cause

CVE-2020-0551

Status

Security Alert

Additional Information

Since there are currently no known issues in the Linux Kernel, we will not be releasing updates at this time.
SUSE also currently considers this set of attacks unlikely exploitable in real world scenarios.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

Document ID:000019586
Creation Date: 10-Mar-2020
Modified Date:10-Mar-2020
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com