Intel last night again publicly disclose two data leak, which is related to Zombieload and TAA issue in November.
The following are the new disclosures:
CVEID:CVE-2020-0548
Note: Some Intel ® processors to clear the error may make authenticated users are likely to enable information disclosure through local access.
CVSS Base Score: 2.8 Low
CVE-2020-0549
Note: Some Intel (R) processors in some of the data cache eviction in clear error could allow authenticated users to disclose potentially through information enabled local access.
CVSS Base Score: 6.5
CVE-2020-0548 vector register is called sampling, and is referred to as CVE-2020-0549 L1D expelled sample.
Speculative execution variant called side channel L1D point by point sampling data may allow to infer the value of the L1 data cache some of the modified cache line in a particular set of complicated conditions.
The new CPU microcode update will ease L1D expelled sampling.
Speculative execution variant called side channel sample vector registers may allow to infer the value of certain portions of the data vector operations under a particular set of complex conditions, these conditions include complex vector operations performed after a period of inactivity vector .
Sampling a vector register will also require CPU microcode update, they recommend using SMT and scheduling restrictions to reduce the risk of exposure.