ID

VAR-202106-0344


CVE

CVE-2020-24512


TITLE

Intel Processors Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202106-633

DESCRIPTION

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 6 ELS) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2021:2301-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2301 Issue date: 2021-06-08 CVE Names: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 ==================================================================== 1. Summary: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: The microcode_ctl packages provide microcode updates for Intel. Security Fix(es): * hw: vt-d related privilege escalation (CVE-2020-24489) * hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511) * hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512) * hw: information disclosure on some Intel Atom processors (CVE-2020-24513) Bug Fix(es) and Enhancement(s): * Update Intel CPU microcode to microcode-20210525 release 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: microcode_ctl-2.1-22.39.el7_4.src.rpm x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: microcode_ctl-2.1-22.39.el7_4.src.rpm x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: microcode_ctl-2.1-22.39.el7_4.src.rpm x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2020-24511 https://access.redhat.com/security/cve/CVE-2020-24512 https://access.redhat.com/security/cve/CVE-2020-24513 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMAhZtzjgjWX9erEAQgacA/8CSb4gKvVxCL/UEvQ8fD+Fuk7bVgGXgdl zfHALQmqxEvgcquECA1+0gVaALewsTbv0jYGt8ar3LXlNfdYvJyTZIkkTU7QPZX4 noIGXIk9Ljn6HDzNVq4+SzQGFhsy+eCyj0ksgLD1pYvSXZhMhIFoNs88qbn4vohF NWbr/79PFDN5Z8OD6eZ62dQuU0EBgR2/zQGhqEp2A5AIGyCpoGkeMjQbcEr8MTYw re11SdeDWdXudlgn6lCeVm1NB8/oaCRih7VTaNzHMTihyG2fS6Vfy9Tf1PcXXrZT 8r21wAISxES7QfMCxBB3jnlq+/3QYFG/dYLDZ8EDwa6ZCXyFRHirUQP6vrk9TG5k xVPIFH/QUwcWFaquGbvtpllAgn1tcSohpzMzDPqLIFSO031A1Xdn6JaYaUi9unO7 wOUS5MMYTJtXjQJ/lBjMFFCEMzGZ1VY74wwdHmyoBW9eA6DnfjTHsnhTpWvLbuHw fM0+/amC1YdZkMOmKWeSNkB0ESISQw6d7/pgT1px/ZyEktGtlnvOcybPpqVVFnnT 3llMAz6CW3UL59MvAvPk9dXKSeJBfsXVVQq21VVuNi/KHSE9tsYQnBgiVizDbrru npkQK4e+JU/GxTuioDK4/QrC89S9ZTvHcfiTFhpDt8DNxJdkmjjNi87m1UWfS1rL 3CqP9OqPU7Q=cruI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.71

sources: NVD: CVE-2020-24512 // VULHUB: VHN-178398 // PACKETSTORM: 163031 // PACKETSTORM: 163036 // PACKETSTORM: 163042 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163047 // PACKETSTORM: 163966 // PACKETSTORM: 163993

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:netappmodel:solidfire biosscope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci compute node biosscope:eqversion: -

Trust: 1.0

vendor:intelmodel:microcodescope:ltversion:20210608

Trust: 1.0

vendor:netappmodel:fas\/aff biosscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2020-24512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24512
value: LOW

Trust: 1.0

CNNVD: CNNVD-202106-633
value: LOW

Trust: 0.6

VULHUB: VHN-178398
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-24512
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-178398
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-24512
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-178398 // CNNVD: CNNVD-202106-633 // NVD: CVE-2020-24512

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.1

sources: VULHUB: VHN-178398 // NVD: CVE-2020-24512

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-633

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-633

PATCH

title:Intel Processors Repair measures for information disclosure vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=153291

Trust: 0.6

sources: CNNVD: CNNVD-202106-633

EXTERNAL IDS

db:NVDid:CVE-2020-24512

Trust: 2.5

db:SIEMENSid:SSA-309571

Trust: 1.7

db:PACKETSTORMid:163031

Trust: 0.8

db:PACKETSTORMid:163993

Trust: 0.7

db:AUSCERTid:ESB-2021.2243

Trust: 0.6

db:AUSCERTid:ESB-2023.2479

Trust: 0.6

db:AUSCERTid:ESB-2021.4047

Trust: 0.6

db:AUSCERTid:ESB-2021.2088

Trust: 0.6

db:AUSCERTid:ESB-2021.2721

Trust: 0.6

db:AUSCERTid:ESB-2021.2797

Trust: 0.6

db:AUSCERTid:ESB-2021.3443

Trust: 0.6

db:AUSCERTid:ESB-2021.2258

Trust: 0.6

db:AUSCERTid:ESB-2021.2537

Trust: 0.6

db:AUSCERTid:ESB-2021.2905

Trust: 0.6

db:AUSCERTid:ESB-2021.2945

Trust: 0.6

db:AUSCERTid:ESB-2021.2010

Trust: 0.6

db:AUSCERTid:ESB-2021.2672

Trust: 0.6

db:CS-HELPid:SB2021081834

Trust: 0.6

db:CS-HELPid:SB2021080917

Trust: 0.6

db:CS-HELPid:SB2021083127

Trust: 0.6

db:CS-HELPid:SB2021081125

Trust: 0.6

db:CS-HELPid:SB2021062128

Trust: 0.6

db:CS-HELPid:SB2021062701

Trust: 0.6

db:PACKETSTORMid:163863

Trust: 0.6

db:PACKETSTORMid:163757

Trust: 0.6

db:PACKETSTORMid:163772

Trust: 0.6

db:ICS CERTid:ICSA-21-222-05

Trust: 0.6

db:LENOVOid:LEN-62742

Trust: 0.6

db:CNNVDid:CNNVD-202106-633

Trust: 0.6

db:PACKETSTORMid:163047

Trust: 0.2

db:PACKETSTORMid:163044

Trust: 0.2

db:PACKETSTORMid:163042

Trust: 0.2

db:PACKETSTORMid:163043

Trust: 0.2

db:PACKETSTORMid:163036

Trust: 0.2

db:PACKETSTORMid:163037

Trust: 0.1

db:PACKETSTORMid:163040

Trust: 0.1

db:PACKETSTORMid:163048

Trust: 0.1

db:PACKETSTORMid:163032

Trust: 0.1

db:PACKETSTORMid:163046

Trust: 0.1

db:VULHUBid:VHN-178398

Trust: 0.1

db:PACKETSTORMid:163966

Trust: 0.1

sources: VULHUB: VHN-178398 // PACKETSTORM: 163031 // PACKETSTORM: 163036 // PACKETSTORM: 163042 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163047 // PACKETSTORM: 163966 // PACKETSTORM: 163993 // CNNVD: CNNVD-202106-633 // NVD: CVE-2020-24512

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210611-0005/

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4934

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2020-24512

Trust: 1.4

url:https://access.redhat.com/security/cve/cve-2020-24511

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-24489

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-24512

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-24511

Trust: 0.8

url:https://access.redhat.com/articles/11258

Trust: 0.8

url:https://access.redhat.com/security/team/key/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2020-24489

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2020-24513

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-24513

Trust: 0.6

url:https://packetstormsecurity.com/files/163863/red-hat-security-advisory-2021-3176-01.html

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-62742

Trust: 0.6

url:https://packetstormsecurity.com/files/163757/red-hat-security-advisory-2021-3027-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081834

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2537

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2479

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520482

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2243

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2088

Trust: 0.6

url:https://packetstormsecurity.com/files/163772/red-hat-security-advisory-2021-3029-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062128

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062701

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4047

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081125

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021083127

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05

Trust: 0.6

url:https://packetstormsecurity.com/files/163993/red-hat-security-advisory-2021-3364-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163031/red-hat-security-advisory-2021-2299-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2905

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2721

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080917

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-processor-information-disclosure-via-shared-resources-35664

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2945

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2672

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2010

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2258

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2797

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3443

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-8696

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8698

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8698

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0549

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8695

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8695

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0549

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8696

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0548

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0548

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2021:2299

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2300

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2308

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2301

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2304

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2303

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3317

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3364

Trust: 0.1

sources: VULHUB: VHN-178398 // PACKETSTORM: 163031 // PACKETSTORM: 163036 // PACKETSTORM: 163042 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163047 // PACKETSTORM: 163966 // PACKETSTORM: 163993 // CNNVD: CNNVD-202106-633 // NVD: CVE-2020-24512

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 163031 // PACKETSTORM: 163036 // PACKETSTORM: 163042 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163047 // PACKETSTORM: 163966 // PACKETSTORM: 163993

SOURCES

db:VULHUBid:VHN-178398
db:PACKETSTORMid:163031
db:PACKETSTORMid:163036
db:PACKETSTORMid:163042
db:PACKETSTORMid:163043
db:PACKETSTORMid:163044
db:PACKETSTORMid:163047
db:PACKETSTORMid:163966
db:PACKETSTORMid:163993
db:CNNVDid:CNNVD-202106-633
db:NVDid:CVE-2020-24512

LAST UPDATE DATE

2024-11-20T20:42:17.673000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-178398date:2021-09-09T00:00:00
db:CNNVDid:CNNVD-202106-633date:2023-05-04T00:00:00
db:NVDid:CVE-2020-24512date:2021-09-09T12:56:22.933

SOURCES RELEASE DATE

db:VULHUBid:VHN-178398date:2021-06-09T00:00:00
db:PACKETSTORMid:163031date:2021-06-09T13:26:32
db:PACKETSTORMid:163036date:2021-06-09T13:28:02
db:PACKETSTORMid:163042date:2021-06-09T13:40:32
db:PACKETSTORMid:163043date:2021-06-09T13:40:40
db:PACKETSTORMid:163044date:2021-06-09T13:40:48
db:PACKETSTORMid:163047date:2021-06-09T13:42:12
db:PACKETSTORMid:163966date:2021-08-31T15:56:51
db:PACKETSTORMid:163993date:2021-08-31T16:27:14
db:CNNVDid:CNNVD-202106-633date:2021-06-08T00:00:00
db:NVDid:CVE-2020-24512date:2021-06-09T19:15:08.930