Security Vulnerability - CVE-2020-0551 aka 'Load value Injection (LVI)'

This document (000019586) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 15

Situation

Security researchers have identified new variants of transient execution attacks in Intel CPUs, where loads of secret data could be exposed to attacker running code on the same CPU core.

The attack is called "Load Value Injection" or "Full Frontal".

Resolution

Mitigations to this attack are similar to the Spectre Variant 1, potentially affected places of source code need speculation barriers like "lfence" or index masking. 

The existing mitigations in the Linux Kernel for Spectre Variant 1 already also cover various LVI gadgets.

SUSE will fix respective places in our code, as they are identified.

Cause

Status

Security Alert

Additional Information

Since there are currently no known issues in the Linux Kernel, we will not be releasing updates at this time.
SUSE also currently considers this set of attacks unlikely exploitable in real world scenarios.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000019586
  • Creation Date: 10-Mar-2020
  • Modified Date:10-Mar-2020
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center