Vulnerabilites related to intel - p5931b
var-202106-0345
Vulnerability from variot
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel Processors (Intel processors) are Intel Corporation's processors that interpret computer instructions and process data in computer software. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.
For the stable distribution (buster), these problems have been fixed in version 3.20210608.2~deb10u1.
Note that there are two reported regressions; for some CoffeeLake CPUs this update may break iwlwifi (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56) and some for Skylake R0/D0 CPUs on systems using a very outdated firmware/BIOS, the system may hang on boot: (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31)
If you are affected by those issues, you can recover by disabling microcode loading on boot (as documented in README.Debian (also available online at https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian))
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDXan0ACgkQEMKTtsN8 Tja9aQ//f1dHsEghQsedGnkMCIa2qLi12UFtb4yW7TYV6uwloqbYZMbymvoXYOAB haasn+yCaGUkXuAHxcGvZuN41EkRhdG4LfS5qoZxPMsw84ETjpV2Ohwhuqwf9P20 9pqV1QLjVPCMiCqvHatkzyRNPtRhIh0uCRx5HtIeOEyKTwhVnUJrrljUXCzMDviD 3As0n0yVUPDIcJdaVxp5mxyebf1NyIYMR+7wmzTBOhK6i+rEE4NkKGkcsYBIM1ch AdTQNHv78QZld6ixL8iCUe1NsSugZ2QjbVL1BLW45fJv3f0BIF5uo6LBzbiJlN/6 xWwOdFTfqW1ORyr0k6JQ+yKz3oSE+jfUStwf+zegWOjYes5gGaA/nATzzNwwFfCQ qDqMmnN26qMI3MswP50ESkNs2JTK3955cIJjnscp5DeFArDuCFKh9wcqSZ46/QCE GVRi+F/Dh3JQxv/jP8jfLhCvkBptuendGo9qK5v22QoeCRoHS16dLu7HHP34hRrw k//EgtP35pD9eTNiIsxhmx3qTPD0gbQbcMG/5NTVtpNqsffAxYtqTy8+/4lfPkNn AYtYrrG6tjEHe1gasLkjthB7c0YLzPLdNyZkNIk6XZ2YIhx18N80c7gTBERSJ1Sh 9lmsnX3+5GWM7Fx2NN2vL5xIEo0einMJCyTlNMRDLim2ix1vpZg= =RVf2 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2021:2301-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2301 Issue date: 2021-06-08 CVE Names: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 ==================================================================== 1. Summary:
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64
- Description:
The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
-
hw: vt-d related privilege escalation (CVE-2020-24489)
-
hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)
-
hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)
-
hw: information disclosure on some Intel Atom processors (CVE-2020-24513)
Bug Fix(es) and Enhancement(s):
-
Update Intel CPU microcode to microcode-20210525 release
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: microcode_ctl-2.1-22.39.el7_4.src.rpm
x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source: microcode_ctl-2.1-22.39.el7_4.src.rpm
x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source: microcode_ctl-2.1-22.39.el7_4.src.rpm
x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2020-24511 https://access.redhat.com/security/cve/CVE-2020-24512 https://access.redhat.com/security/cve/CVE-2020-24513 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMAhZtzjgjWX9erEAQgacA/8CSb4gKvVxCL/UEvQ8fD+Fuk7bVgGXgdl zfHALQmqxEvgcquECA1+0gVaALewsTbv0jYGt8ar3LXlNfdYvJyTZIkkTU7QPZX4 noIGXIk9Ljn6HDzNVq4+SzQGFhsy+eCyj0ksgLD1pYvSXZhMhIFoNs88qbn4vohF NWbr/79PFDN5Z8OD6eZ62dQuU0EBgR2/zQGhqEp2A5AIGyCpoGkeMjQbcEr8MTYw re11SdeDWdXudlgn6lCeVm1NB8/oaCRih7VTaNzHMTihyG2fS6Vfy9Tf1PcXXrZT 8r21wAISxES7QfMCxBB3jnlq+/3QYFG/dYLDZ8EDwa6ZCXyFRHirUQP6vrk9TG5k xVPIFH/QUwcWFaquGbvtpllAgn1tcSohpzMzDPqLIFSO031A1Xdn6JaYaUi9unO7 wOUS5MMYTJtXjQJ/lBjMFFCEMzGZ1VY74wwdHmyoBW9eA6DnfjTHsnhTpWvLbuHw fM0+/amC1YdZkMOmKWeSNkB0ESISQw6d7/pgT1px/ZyEktGtlnvOcybPpqVVFnnT 3llMAz6CW3UL59MvAvPk9dXKSeJBfsXVVQq21VVuNi/KHSE9tsYQnBgiVizDbrru npkQK4e+JU/GxTuioDK4/QrC89S9ZTvHcfiTFhpDt8DNxJdkmjjNi87m1UWfS1rL 3CqP9OqPU7Q=cruI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "atom c3950",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3308",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3958",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n3350",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3-l13g4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3708",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium silver n5000",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "p5921b",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j3455",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j4105",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-a3930",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "p5931b",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "p5962b",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium n4200",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3336",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n3350e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n4100",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium silver j5040",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3508",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3558",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium j6425",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium n6415",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium silver n5030",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3558rc",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x6425e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j6413",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n6211",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic et 200sp open controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "0209_0105"
},
{
"model": "celeron j3355e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium j4205",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom p5942b",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-a3940",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3758",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n3450",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-a3960",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "atom c3858",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x6427fe",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3338r",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3750",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3850",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic ipc127e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.07"
},
{
"model": "atom x6211e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5-l16g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x6212re",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j4005",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3758r",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3808",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n4000",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3538",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-a3950",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3436l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x6413e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "celeron n4020",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j3455e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium silver j5005",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic drive controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "atom x6200fe",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j4125",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3955",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n4120",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "pentium n4200e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3558r",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j3355",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j4025",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3338",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x6425re",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c3830",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24513"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-632"
}
],
"trust": 0.6
},
"cve": "CVE-2020-24513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-24513",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-178399",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"id": "CVE-2020-24513",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-24513",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-632",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-178399",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-24513",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178399"
},
{
"db": "VULMON",
"id": "CVE-2020-24513"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-632"
},
{
"db": "NVD",
"id": "CVE-2020-24513"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel Processors (Intel processors) are Intel Corporation\u0027s processors that interpret computer instructions and process data in computer software. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 3.20210608.2~deb10u1. \n\nNote that there are two reported regressions; for some CoffeeLake CPUs\nthis update may break iwlwifi\n(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56)\nand some for Skylake R0/D0 CPUs on systems using a very outdated firmware/BIOS,\nthe system may hang on boot:\n(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31)\n\nIf you are affected by those issues, you can recover by disabling microcode\nloading on boot (as documented in README.Debian (also available online at\nhttps://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian))\n\nWe recommend that you upgrade your intel-microcode packages. \n\nFor the detailed security status of intel-microcode please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDXan0ACgkQEMKTtsN8\nTja9aQ//f1dHsEghQsedGnkMCIa2qLi12UFtb4yW7TYV6uwloqbYZMbymvoXYOAB\nhaasn+yCaGUkXuAHxcGvZuN41EkRhdG4LfS5qoZxPMsw84ETjpV2Ohwhuqwf9P20\n9pqV1QLjVPCMiCqvHatkzyRNPtRhIh0uCRx5HtIeOEyKTwhVnUJrrljUXCzMDviD\n3As0n0yVUPDIcJdaVxp5mxyebf1NyIYMR+7wmzTBOhK6i+rEE4NkKGkcsYBIM1ch\nAdTQNHv78QZld6ixL8iCUe1NsSugZ2QjbVL1BLW45fJv3f0BIF5uo6LBzbiJlN/6\nxWwOdFTfqW1ORyr0k6JQ+yKz3oSE+jfUStwf+zegWOjYes5gGaA/nATzzNwwFfCQ\nqDqMmnN26qMI3MswP50ESkNs2JTK3955cIJjnscp5DeFArDuCFKh9wcqSZ46/QCE\nGVRi+F/Dh3JQxv/jP8jfLhCvkBptuendGo9qK5v22QoeCRoHS16dLu7HHP34hRrw\nk//EgtP35pD9eTNiIsxhmx3qTPD0gbQbcMG/5NTVtpNqsffAxYtqTy8+/4lfPkNn\nAYtYrrG6tjEHe1gasLkjthB7c0YLzPLdNyZkNIk6XZ2YIhx18N80c7gTBERSJ1Sh\n9lmsnX3+5GWM7Fx2NN2vL5xIEo0einMJCyTlNMRDLim2ix1vpZg=\n=RVf2\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: microcode_ctl security, bug fix and enhancement update\nAdvisory ID: RHSA-2021:2301-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2301\nIssue date: 2021-06-08\nCVE Names: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512\n CVE-2020-24513\n====================================================================\n1. Summary:\n\nAn update for microcode_ctl is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - x86_64\n\n3. Description:\n\nThe microcode_ctl packages provide microcode updates for Intel. \n\nSecurity Fix(es):\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20210525 release\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1962650 - CVE-2020-24489 hw: vt-d related privilege escalation\n1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors\n1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors\n1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nmicrocode_ctl-2.1-22.39.el7_4.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-22.39.el7_4.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.4):\n\nSource:\nmicrocode_ctl-2.1-22.39.el7_4.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-22.39.el7_4.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.4):\n\nSource:\nmicrocode_ctl-2.1-22.39.el7_4.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-22.39.el7_4.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-24489\nhttps://access.redhat.com/security/cve/CVE-2020-24511\nhttps://access.redhat.com/security/cve/CVE-2020-24512\nhttps://access.redhat.com/security/cve/CVE-2020-24513\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMAhZtzjgjWX9erEAQgacA/8CSb4gKvVxCL/UEvQ8fD+Fuk7bVgGXgdl\nzfHALQmqxEvgcquECA1+0gVaALewsTbv0jYGt8ar3LXlNfdYvJyTZIkkTU7QPZX4\nnoIGXIk9Ljn6HDzNVq4+SzQGFhsy+eCyj0ksgLD1pYvSXZhMhIFoNs88qbn4vohF\nNWbr/79PFDN5Z8OD6eZ62dQuU0EBgR2/zQGhqEp2A5AIGyCpoGkeMjQbcEr8MTYw\nre11SdeDWdXudlgn6lCeVm1NB8/oaCRih7VTaNzHMTihyG2fS6Vfy9Tf1PcXXrZT\n8r21wAISxES7QfMCxBB3jnlq+/3QYFG/dYLDZ8EDwa6ZCXyFRHirUQP6vrk9TG5k\nxVPIFH/QUwcWFaquGbvtpllAgn1tcSohpzMzDPqLIFSO031A1Xdn6JaYaUi9unO7\nwOUS5MMYTJtXjQJ/lBjMFFCEMzGZ1VY74wwdHmyoBW9eA6DnfjTHsnhTpWvLbuHw\nfM0+/amC1YdZkMOmKWeSNkB0ESISQw6d7/pgT1px/ZyEktGtlnvOcybPpqVVFnnT\n3llMAz6CW3UL59MvAvPk9dXKSeJBfsXVVQq21VVuNi/KHSE9tsYQnBgiVizDbrru\nnpkQK4e+JU/GxTuioDK4/QrC89S9ZTvHcfiTFhpDt8DNxJdkmjjNi87m1UWfS1rL\n3CqP9OqPU7Q=cruI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24513"
},
{
"db": "VULHUB",
"id": "VHN-178399"
},
{
"db": "VULMON",
"id": "CVE-2020-24513"
},
{
"db": "PACKETSTORM",
"id": "169079"
},
{
"db": "PACKETSTORM",
"id": "163032"
},
{
"db": "PACKETSTORM",
"id": "163037"
},
{
"db": "PACKETSTORM",
"id": "163042"
},
{
"db": "PACKETSTORM",
"id": "163043"
},
{
"db": "PACKETSTORM",
"id": "163044"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24513",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-309571",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "163031",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.4047",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2537",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1996",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2088",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2258",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2243",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3443",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062128",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062701",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081109",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-222-05",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-62742",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-632",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163037",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163044",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163042",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163043",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163032",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163047",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163040",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163048",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163036",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163046",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-178399",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-24513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169079",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178399"
},
{
"db": "VULMON",
"id": "CVE-2020-24513"
},
{
"db": "PACKETSTORM",
"id": "169079"
},
{
"db": "PACKETSTORM",
"id": "163032"
},
{
"db": "PACKETSTORM",
"id": "163037"
},
{
"db": "PACKETSTORM",
"id": "163042"
},
{
"db": "PACKETSTORM",
"id": "163043"
},
{
"db": "PACKETSTORM",
"id": "163044"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-632"
},
{
"db": "NVD",
"id": "CVE-2020-24513"
}
]
},
"id": "VAR-202106-0345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-178399"
}
],
"trust": 0.7111111
},
"last_update_date": "2024-11-29T22:09:51.805000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Intel Atom Processors Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155259"
},
{
"title": "Red Hat: CVE-2020-24513",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2020-24513"
},
{
"title": "Debian CVElist Bug Report Logs: intel-microcode: CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVE-2021-24489 (INTEL-SA-00464, INTEL-SA-00465, INTEL-SA-00442)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5d902b5a89823da316827bef43ff1012"
},
{
"title": "Debian Security Advisories: DSA-4934-1 intel-microcode -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4ad7d48e75ab61a8e061047171de2577"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-24513 log"
},
{
"title": "Arch Linux Advisories: [ASA-202106-34] intel-ucode: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-34"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=240e27e5c8fba28153598a375a2a4130"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-24513"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-632"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24513"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24511"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24512"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24513"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24489"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163031/red-hat-security-advisory-2021-2299-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081109"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-62742"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6501139"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2537"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1996"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520482"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2243"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2088"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2258"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062128"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062701"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3443"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4047"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-atom-processor-information-disclosure-via-domain-bypass-transient-execution-35665"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-24511"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-24489"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-24512"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/readme.debian))"
},
{
"trust": 0.1,
"url": "https://github.com/intel/intel-linux-processor-microcode-data-files/issues/56)"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://github.com/intel/intel-linux-processor-microcode-data-files/issues/31)"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/intel-microcode"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2302"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2306"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2301"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2304"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178399"
},
{
"db": "VULMON",
"id": "CVE-2020-24513"
},
{
"db": "PACKETSTORM",
"id": "169079"
},
{
"db": "PACKETSTORM",
"id": "163032"
},
{
"db": "PACKETSTORM",
"id": "163037"
},
{
"db": "PACKETSTORM",
"id": "163042"
},
{
"db": "PACKETSTORM",
"id": "163043"
},
{
"db": "PACKETSTORM",
"id": "163044"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-632"
},
{
"db": "NVD",
"id": "CVE-2020-24513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-178399"
},
{
"db": "VULMON",
"id": "CVE-2020-24513"
},
{
"db": "PACKETSTORM",
"id": "169079"
},
{
"db": "PACKETSTORM",
"id": "163032"
},
{
"db": "PACKETSTORM",
"id": "163037"
},
{
"db": "PACKETSTORM",
"id": "163042"
},
{
"db": "PACKETSTORM",
"id": "163043"
},
{
"db": "PACKETSTORM",
"id": "163044"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-632"
},
{
"db": "NVD",
"id": "CVE-2020-24513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-178399"
},
{
"date": "2021-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24513"
},
{
"date": "2021-06-28T19:12:00",
"db": "PACKETSTORM",
"id": "169079"
},
{
"date": "2021-06-09T13:26:50",
"db": "PACKETSTORM",
"id": "163032"
},
{
"date": "2021-06-09T13:28:17",
"db": "PACKETSTORM",
"id": "163037"
},
{
"date": "2021-06-09T13:40:32",
"db": "PACKETSTORM",
"id": "163042"
},
{
"date": "2021-06-09T13:40:40",
"db": "PACKETSTORM",
"id": "163043"
},
{
"date": "2021-06-09T13:40:48",
"db": "PACKETSTORM",
"id": "163044"
},
{
"date": "2021-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-632"
},
{
"date": "2021-06-09T19:15:08.963000",
"db": "NVD",
"id": "CVE-2020-24513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-178399"
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24513"
},
{
"date": "2022-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-632"
},
{
"date": "2022-04-22T16:20:19.347000",
"db": "NVD",
"id": "CVE-2020-24513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-632"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Processors Information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-632"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-632"
}
],
"trust": 0.6
}
}
cve-2020-24513
Vulnerability from cvelistv5
Published
2021-06-09 18:54
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html | x_refsource_MISC | |
| https://www.debian.org/security/2021/dsa-4934 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Atom(R) Processors |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"name": "DSA-4934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel Atom(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T11:06:29",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"name": "DSA-4934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2020-24513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Atom(R) Processors",
"version": {
"version_data": [
{
"version_value": "See references"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"name": "DSA-4934",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2020-24513",
"datePublished": "2021-06-09T18:54:08",
"dateReserved": "2020-08-19T00:00:00",
"dateUpdated": "2024-08-04T15:12:08.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-06-09 19:15
Modified
2024-11-21 05:14
Severity ?
Summary
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@intel.com | https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | Third Party Advisory | |
| secure@intel.com | https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | Mailing List, Third Party Advisory | |
| secure@intel.com | https://www.debian.org/security/2021/dsa-4934 | Third Party Advisory | |
| secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4934 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:atom_c3308:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E18B9E2-0659-4A50-88F6-D3D429EC5F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3336:-:*:*:*:*:*:*:*",
"matchCriteriaId": "158C116D-5E24-4593-A283-F6810E424B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3338:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE5F25C-8092-4A74-B265-4BB720DA1A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3338r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C58BF4A8-2B69-49B7-9113-554D61CE9FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3436l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11C5EF68-F91F-4395-BDC6-CD3B7348C45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A33FC1CB-7983-48B9-AF3C-E3CF958B5FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3538:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF500096-2B4A-476B-BBCA-1FEE100ABC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F17C3AB-AC03-427F-B0A9-9EACD2A231C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3558r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2951F904-97AA-4AE6-B227-0A0D282369ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3558rc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70C31407-B78D-4406-B3B8-49BD89E674ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3708:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4058BBB2-268F-47E6-BE5A-992C5F460BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F191949-2674-4968-90CC-030D6E8901D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3758:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6893581C-5447-4FAD-BFCB-41727FAB4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3758r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E89FF1-C329-4975-9706-75FD84FDD5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42737F96-25B8-4E3E-AED2-47FA27075A23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D397ED37-60EE-49F0-95F0-2C6F666E9368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65F731F9-59EB-4161-AB8B-506BC336B987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3858:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F35B073-EA5F-4746-AB8B-674C9EAFDC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA6C3DB-8E6D-4CF8-BD52-B362C83DF4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6107B3F-C7FE-46EF-A80E-1A4DD55F9306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_c3958:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36E7FA68-B62B-4EEF-B8EA-665026E1E3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_p5942b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D860FEC-BA79-4FEE-A79C-88AA857358E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-a3930:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E374730D-0311-47F5-9EE3-ECD205693167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-a3940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45765887-0882-4D33-9D32-675581C35BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-a3950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2D4F4B-6DB7-414D-A41F-DA17D7C1AA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x5-a3960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EB4891F-358E-4A6E-A3D4-C83F8E45B19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6200fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89231773-9D9B-434A-A6A3-8527C4F6FEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6211e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A85EA674-2537-4323-AEDA-FA356489E7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6212re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F85599DD-3F80-4EB0-9753-D24EDD8D76CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6413e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3348F4-8E2B-42BE-9F3A-48DFF5CE0047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6425e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F068F4F-8CCD-4218-871C-BEABEB0DAB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6425re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7313975C-41A5-4657-8758-1C16F947BE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:atom_x6427fe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBE4406-9979-4723-833C-176F051E6389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j3355:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7087FCA7-6D5C-45A5-B380-533915BC608A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j3355e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85683891-11D4-47B1-834B-5E0380351E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j3455:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF2D89D-AC2D-4EAB-ADF3-66C25FE54E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j3455e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D778C7-F242-4A6A-9B62-A7C578D985FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j4005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "652EC574-B9B6-4747-AE72-39D1379A596B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j4025:-:*:*:*:*:*:*:*",
"matchCriteriaId": "522A9A57-B8D8-4C61-92E3-BE894A765C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j4105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A588BEB3-90B5-482E-B6C4-DC6529B0B4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j4125:-:*:*:*:*:*:*:*",
"matchCriteriaId": "826BAF04-E174-483D-8700-7FA1EAC4D555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_j6413:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A8BF58-1D33-484A-951C-808443912BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n3350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5884F21-BAB5-4A45-8C72-C90D07BAECA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n3350e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2A2AC5-FA56-49F0-BA00-E96B10FEF889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n3450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FF7ADD-9E27-4A23-9714-5B76132C20BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8771AB4-2F51-494D-8C86-3524BB4219C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n4020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7E822D-994F-410D-B13C-939449FFC293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5576F2-4914-427C-9518-ED7D16630CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n4120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ABB7C52-863F-4291-A05B-422EE9615FAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:celeron_n6211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "406E9139-BCFF-406B-A856-57896D27B752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i3-l13g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39FD6F9C-FEEA-4D52-8745-6477B50AFB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:core_i5-l16g7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4FD69F-FF53-43F4-97C8-40867DB67958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:p5921b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E51393D-0855-41EA-9A57-090B47F84838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:p5931b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5668AC-EF49-43CF-8CE4-CCE3AA999F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:p5962b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69383613-C04B-4C0F-8589-6F3EF6D45797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_j4205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6585755-C56C-4910-A7D5-B2153396AC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_j6425:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D97C7A90-D8C6-4901-BCA1-E40DA173AA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A944A8C-462E-4FF9-8AD6-1687297DD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n4200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5378FE6C-251A-4BCD-B151-EA42B594DC37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_n6415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638FA431-71EA-4668-AFF2-989A4994ED12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver_j5005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC903FA4-2C4E-4EBB-8BFA-579844B87354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver_j5040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "667F2E6C-C2FD-4E4B-9CC4-2EF33A74F61B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver_n5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF16D51-5662-47C3-8911-0FACEEDB9D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:intel:pentium_silver_n5030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC4430E-E4B1-454F-8C95-6412D34454C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_drive_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "143C062B-4DFB-4570-BE8F-7873B67A4BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_drive_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0137C77B-D587-47D6-AEBE-462D00546FD7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9938FA-DE0B-4A60-A931-CE48CEB7F635",
"versionEndExcluding": "0209_0105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5313D-48E9-47F5-BF59-C71A255D9831",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "466CDD7A-1B83-46C4-AC57-78E02811FFE0",
"versionEndExcluding": "21.01.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F63C0B17-60E2-4240-92FD-4B7C7D8F2C8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la ejecuci\u00f3n transitoria de omisi\u00f3n de dominios en algunos procesadores Intel Atom\u00ae puede permitir a un usuario autenticado permitir potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso local"
}
],
"id": "CVE-2020-24513",
"lastModified": "2024-11-21T05:14:56.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-09T19:15:08.963",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
},
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}