CVE-2020-0551

high-risk

Published 2020-03-12

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html

Do I need to act?

1.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.6/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Core I5-7Y54

Core I5-7Y57

Core I5-8200Y

Core I5-8210Y

Core I5-8250U

Core I5-8259U

Core I5-8265U

Core I5-8300H

Core I5-8305G

Core I5-8310Y

Core I5-8350U

Core I5-8365U

Core I5-8400

Core I5-8400B

Core I5-8400H

Core I5-8400T

Core I5-8420

Core I5-8420T

Core I5-8500

Core I5-8500B

Affected Vendors

Intel

References (4)

Third Party Advisory https://security.netapp.com/advisory/ntap-20200320-0002/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334....

Third Party Advisory https://security.netapp.com/advisory/ntap-20200320-0002/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334....

/ 100

high-risk

Severity 15/34 · Moderate

Exploitability 4/34 · Minimal

Exposure 33/34 · Critical