ID

VAR-202106-0343


CVE

CVE-2020-24511


TITLE

Red Hat Security Advisory 2021-2299-01

Trust: 0.1

sources: PACKETSTORM: 163031

DESCRIPTION

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel Processors (Intel processors) are Intel Corporation's processors that interpret computer instructions and process data in computer software. An authenticated attacker could exploit this vulnerability to obtain sensitive information. 6 ELS) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2021:2305-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2305 Issue date: 2021-06-08 CVE Names: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 ==================================================================== 1. Summary: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The microcode_ctl packages provide microcode updates for Intel. Security Fix(es): * hw: vt-d related privilege escalation (CVE-2020-24489) * hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511) * hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512) * hw: information disclosure on some Intel Atom processors (CVE-2020-24513) Bug Fix(es) and Enhancement(s): * Update Intel CPU microcode to microcode-20210525 release 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2020-24511 https://access.redhat.com/security/cve/CVE-2020-24512 https://access.redhat.com/security/cve/CVE-2020-24513 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMAkjNzjgjWX9erEAQj9Rw//aAXwJWN2Q/e3KJ6n+bdhBXSWxMI+ro7r 86Elrmw3BY2uTNbkjEorxQfON15ZawMJn0eNprNGA4gxRJ1/OlV+bMXcXsHcxdwt 2ndTxSL9G3xd+B3j6L8N2YQAXzCSzJT2ohbFPntZeMDpd6hILbNO+XDmnPu0uEsh E1Rl1BNsQJGoJ9yrrk9hqae2erlB2nTuDwYcNN6YWANkpWxPnzrJBRt115hBL/Xm Gh9vsxTC98/V+TWn0o0gLDUr0sM21KhD2U8F3byxBQB4Kr4Y0X34U12whwHkG95b m+HKj38OHmwhm+JZV68AsVBbnaa4TM3ilccuAVujxcW10IyXZBsmBFoEnIQ5Y7mm X8Bc5goFlKet/cDqwwUDBvjFfXfC61+2N4gRnWp48b8+vojs+T6JsurrCJbRhXjL gy8adoRwG3zNj+0xh7sHjX7XkIYFwrWMxiFHUaJWMV8pfx6NvGJJTiRR6n1+nKJt scM4MX7RUnLlcmRMbN4HpU4Kg7CLqI3dgiJ1XAgIUyB4Xvsb+Ckp/M8EB9I+GLDP Z4feYJ/cplYpSCcRG0xxHsnqrDFgAI0P/KVy9GQeAaXWWVwQzP5vHr+tauLSaEae q4MCBAMQQ69TX2rSLhnwtH1fpVuBsZibIN3QAikZM///peIXrNcmR4jPBVRPU6p+ ulH8AIb5GRA=sYI9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.89

sources: NVD: CVE-2020-24511 // VULHUB: VHN-178397 // VULMON: CVE-2020-24511 // PACKETSTORM: 163031 // PACKETSTORM: 163032 // PACKETSTORM: 163036 // PACKETSTORM: 163037 // PACKETSTORM: 163042 // PACKETSTORM: 163044 // PACKETSTORM: 163046 // PACKETSTORM: 163047 // PACKETSTORM: 163956

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:netappmodel:solidfire biosscope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci compute node biosscope:eqversion: -

Trust: 1.0

vendor:intelmodel:microcodescope:ltversion:20210608

Trust: 1.0

vendor:netappmodel:fas\/aff biosscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2020-24511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24511
value: MEDIUM

Trust: 1.0

VULHUB: VHN-178397
value: LOW

Trust: 0.1

VULMON: CVE-2020-24511
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-24511
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-178397
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-24511
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-178397 // VULMON: CVE-2020-24511 // NVD: CVE-2020-24511

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

sources: VULHUB: VHN-178397 // NVD: CVE-2020-24511

PATCH

title:Red Hat: CVE-2020-24511url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2020-24511

Trust: 0.1

title:Debian CVElist Bug Report Logs: intel-microcode: CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVE-2021-24489 (INTEL-SA-00464, INTEL-SA-00465, INTEL-SA-00442)url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5d902b5a89823da316827bef43ff1012

Trust: 0.1

title:Debian Security Advisories: DSA-4934-1 intel-microcode -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=4ad7d48e75ab61a8e061047171de2577

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-24511 log

Trust: 0.1

title:Arch Linux Advisories: [ASA-202106-34] intel-ucode: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-34

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=240e27e5c8fba28153598a375a2a4130

Trust: 0.1

title:CVE-2020-24511url:https://github.com/AlAIAL90/CVE-2020-24511

Trust: 0.1

sources: VULMON: CVE-2020-24511

EXTERNAL IDS

db:NVDid:CVE-2020-24511

Trust: 2.1

db:SIEMENSid:SSA-309571

Trust: 1.1

db:PACKETSTORMid:163037

Trust: 0.2

db:PACKETSTORMid:163047

Trust: 0.2

db:PACKETSTORMid:163044

Trust: 0.2

db:PACKETSTORMid:163042

Trust: 0.2

db:PACKETSTORMid:163031

Trust: 0.2

db:PACKETSTORMid:163032

Trust: 0.2

db:PACKETSTORMid:163036

Trust: 0.2

db:PACKETSTORMid:163046

Trust: 0.2

db:PACKETSTORMid:163040

Trust: 0.1

db:PACKETSTORMid:163043

Trust: 0.1

db:PACKETSTORMid:163048

Trust: 0.1

db:VULHUBid:VHN-178397

Trust: 0.1

db:VULMONid:CVE-2020-24511

Trust: 0.1

db:PACKETSTORMid:163956

Trust: 0.1

sources: VULHUB: VHN-178397 // VULMON: CVE-2020-24511 // PACKETSTORM: 163031 // PACKETSTORM: 163032 // PACKETSTORM: 163036 // PACKETSTORM: 163037 // PACKETSTORM: 163042 // PACKETSTORM: 163044 // PACKETSTORM: 163046 // PACKETSTORM: 163047 // PACKETSTORM: 163956 // NVD: CVE-2020-24511

REFERENCES

url:https://security.netapp.com/advisory/ntap-20210611-0005/

Trust: 1.2

url:https://www.debian.org/security/2021/dsa-4934

Trust: 1.2

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html

Trust: 1.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2020-24511

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-24489

Trust: 0.9

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-24512

Trust: 0.9

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-24511

Trust: 0.9

url:https://access.redhat.com/articles/11258

Trust: 0.9

url:https://access.redhat.com/security/team/key/

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2020-24489

Trust: 0.9

url:https://bugzilla.redhat.com/):

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2020-24512

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2020-24513

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-24513

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/668.html

Trust: 0.1

url:https://github.com/alaial90/cve-2020-24511

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2299

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2302

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2300

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2306

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2308

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2304

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2305

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2303

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0549

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8695

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0549

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3322

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8696

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0548

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0548

Trust: 0.1

sources: VULHUB: VHN-178397 // VULMON: CVE-2020-24511 // PACKETSTORM: 163031 // PACKETSTORM: 163032 // PACKETSTORM: 163036 // PACKETSTORM: 163037 // PACKETSTORM: 163042 // PACKETSTORM: 163044 // PACKETSTORM: 163046 // PACKETSTORM: 163047 // PACKETSTORM: 163956 // NVD: CVE-2020-24511

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 163031 // PACKETSTORM: 163032 // PACKETSTORM: 163036 // PACKETSTORM: 163037 // PACKETSTORM: 163042 // PACKETSTORM: 163044 // PACKETSTORM: 163046 // PACKETSTORM: 163047 // PACKETSTORM: 163956

SOURCES

db:VULHUBid:VHN-178397
db:VULMONid:CVE-2020-24511
db:PACKETSTORMid:163031
db:PACKETSTORMid:163032
db:PACKETSTORMid:163036
db:PACKETSTORMid:163037
db:PACKETSTORMid:163042
db:PACKETSTORMid:163044
db:PACKETSTORMid:163046
db:PACKETSTORMid:163047
db:PACKETSTORMid:163956
db:NVDid:CVE-2020-24511

LAST UPDATE DATE

2024-11-07T19:42:55.613000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-178397date:2021-09-09T00:00:00
db:VULMONid:CVE-2020-24511date:2021-08-10T00:00:00
db:NVDid:CVE-2020-24511date:2021-09-09T12:55:19.680

SOURCES RELEASE DATE

db:VULHUBid:VHN-178397date:2021-06-09T00:00:00
db:VULMONid:CVE-2020-24511date:2021-06-09T00:00:00
db:PACKETSTORMid:163031date:2021-06-09T13:26:32
db:PACKETSTORMid:163032date:2021-06-09T13:26:50
db:PACKETSTORMid:163036date:2021-06-09T13:28:02
db:PACKETSTORMid:163037date:2021-06-09T13:28:17
db:PACKETSTORMid:163042date:2021-06-09T13:40:32
db:PACKETSTORMid:163044date:2021-06-09T13:40:48
db:PACKETSTORMid:163046date:2021-06-09T13:42:01
db:PACKETSTORMid:163047date:2021-06-09T13:42:12
db:PACKETSTORMid:163956date:2021-08-31T15:44:21
db:NVDid:CVE-2020-24511date:2021-06-09T19:15:08.897