SRBDS/CrossTalk (CVE-2020-0543) Vulnerability Being Patched By KernelCare

A new CPU vulnerability known as SRBDS/CrossTalk was discovered in June 2020. The team at KernelCare is currently creating a patch to close it down. Let’s examine this new vulnerability, and explore what we’re doing to eliminate it. 

Contents:

1. Real-time updates
2. What is CrossTalk (CVE-2020-0543)
3. How to mitigate the CrossTalk Vulnerability without a reboot?
   1. If you are running on hardware
      1. Step 1: Update microcode without a reboot
      2. Step 2: Apply KernelCare patches
   2. If you are running on a Virtual Machine
      

Real-time updates:

June 15: Patches against SRBDS/CrossTalk (CVE-2020-0543) are available for

• CentOS 6,
• CentOS 6 Plus,
• CentOS 7 Plus,
• OpenVZ 6,
• RHEL 6,
• RHEL 7,
• CloudLinux 6,
• CloudLinux 6 Hybrid,
• OEL 6,
• Scientific Linux 6.

June 18: Patches against SRBDS/CrossTalk (CVE-2020-0543) are available for

• Debian 9,
• CentOS8,
• CloudLinux OS 8,
• OEL8,
• RHEL8 distributions.

June 19: Patches against SRBDS/CrossTalk (CVE-2020-0543) are available for

• CentOS7,
• CloudLinux OS 7 distributions.

June 22: Patches against SRBDS/CrossTalk (CVE-2020-0543) are available for

• Ubuntu Bionic,
• Ubuntu Xenial,
• Ubuntu Bionic AWS,
• Ubuntu Xenial LTS Bionic,
• Ubuntu Xenial LTS Bionic AWS,
• Ubuntu Xenial LTS Bionic Azure,
• Ubuntu Xenial LTS Bionic GCP distributions.
• Ubuntu Trusty LTS Xenial
• Ubuntu Trusty LTS Xenial AWS
• Ubuntu Xenial AWS
• Ubuntu Xenial FIPS

June 23: Patches against SRBDS/CrossTalk (CVE-2020-0543) are available for

• Oracle Linux 6 UEK 4
• Oracle Linux 7 UEK 4
• Oracle Linux 7 UEK5
• Amazon Linux 1 & 2

What is CrossTalk?

Similar to an MDS vulnerability, CrossTalk enables malicious code executed on one CPU core to leak data from software executed on a different core. It compromises the CPU’s random number generator so that the shared buffer can be overwritten before it’s reused.

CrossTalk was discovered by VUSec, the Systems and Network Security Group at Vrije Universiteit Amsterdam. It affects Intel processors that employ the RDRAND and/or RDSEED random number generators, and its CVE designation is CVE-2020-0543.

Intel refers to the vulnerability as SRBDS, short for “Special Register Buffer Data Sampling,” but in technology circles it’s become popularly known as CrossTalk. 

How to mitigate the CrossTalk Vulnerability without a reboot?

1) If you are running on hardware:

To mitigate this vulnerability, take 2 steps that require no reboot if you follow the instructions below:

Step 1: Update Microcode without a reboot

Microcode is the code that runs inside the CPU itself and is handled by Intel. The procedure is usually done on reboot: you get the new kernel, it will have new microcode and when the kernel boots it will install new microcode into CPU.

Update microcode without reboot using our instructions here or watch the video tutorial:

Step 2: Apply KernelCare patches

Now you must still update the Linux Kernel to ensure that the local user can not read the data you are running on the CPU. With KernelCare you can do that without rebooting. Sign up for the free 30-day trial.

2) If you are running on a Virtual Machine:

You only need to patch the Linux Kernel inside the VM. Make sure that your host node is updated as well which is typically done by your service provider.

If you are using your KernelCare – your patches will be delivered automatically by KernelCare and you don’t need to do anything extra. If not – this is the right time to sign up for the free 30-day trial.

More patches will be added later this week. To find out right away when the patch is available, you can monitor this blog or our Twitter and Facebook channels.

Continue reading: New CVE Found by Virtuozzo Live-patched by KernelCare