ID

VAR-202106-0345


CVE

CVE-2020-24513


TITLE

Intel Processors Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202106-632

DESCRIPTION

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. For the stable distribution (buster), these problems have been fixed in version 3.20210608.2~deb10u1. Note that there are two reported regressions; for some CoffeeLake CPUs this update may break iwlwifi (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56) and some for Skylake R0/D0 CPUs on systems using a very outdated firmware/BIOS, the system may hang on boot: (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31) If you are affected by those issues, you can recover by disabling microcode loading on boot (as documented in README.Debian (also available online at https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian)) We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDXan0ACgkQEMKTtsN8 Tja9aQ//f1dHsEghQsedGnkMCIa2qLi12UFtb4yW7TYV6uwloqbYZMbymvoXYOAB haasn+yCaGUkXuAHxcGvZuN41EkRhdG4LfS5qoZxPMsw84ETjpV2Ohwhuqwf9P20 9pqV1QLjVPCMiCqvHatkzyRNPtRhIh0uCRx5HtIeOEyKTwhVnUJrrljUXCzMDviD 3As0n0yVUPDIcJdaVxp5mxyebf1NyIYMR+7wmzTBOhK6i+rEE4NkKGkcsYBIM1ch AdTQNHv78QZld6ixL8iCUe1NsSugZ2QjbVL1BLW45fJv3f0BIF5uo6LBzbiJlN/6 xWwOdFTfqW1ORyr0k6JQ+yKz3oSE+jfUStwf+zegWOjYes5gGaA/nATzzNwwFfCQ qDqMmnN26qMI3MswP50ESkNs2JTK3955cIJjnscp5DeFArDuCFKh9wcqSZ46/QCE GVRi+F/Dh3JQxv/jP8jfLhCvkBptuendGo9qK5v22QoeCRoHS16dLu7HHP34hRrw k//EgtP35pD9eTNiIsxhmx3qTPD0gbQbcMG/5NTVtpNqsffAxYtqTy8+/4lfPkNn AYtYrrG6tjEHe1gasLkjthB7c0YLzPLdNyZkNIk6XZ2YIhx18N80c7gTBERSJ1Sh 9lmsnX3+5GWM7Fx2NN2vL5xIEo0einMJCyTlNMRDLim2ix1vpZg= =RVf2 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2021:2301-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2301 Issue date: 2021-06-08 CVE Names: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 ==================================================================== 1. Summary: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: The microcode_ctl packages provide microcode updates for Intel. Security Fix(es): * hw: vt-d related privilege escalation (CVE-2020-24489) * hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511) * hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512) * hw: information disclosure on some Intel Atom processors (CVE-2020-24513) Bug Fix(es) and Enhancement(s): * Update Intel CPU microcode to microcode-20210525 release 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: microcode_ctl-2.1-22.39.el7_4.src.rpm x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: microcode_ctl-2.1-22.39.el7_4.src.rpm x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: microcode_ctl-2.1-22.39.el7_4.src.rpm x86_64: microcode_ctl-2.1-22.39.el7_4.x86_64.rpm microcode_ctl-debuginfo-2.1-22.39.el7_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2020-24511 https://access.redhat.com/security/cve/CVE-2020-24512 https://access.redhat.com/security/cve/CVE-2020-24513 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMAhZtzjgjWX9erEAQgacA/8CSb4gKvVxCL/UEvQ8fD+Fuk7bVgGXgdl zfHALQmqxEvgcquECA1+0gVaALewsTbv0jYGt8ar3LXlNfdYvJyTZIkkTU7QPZX4 noIGXIk9Ljn6HDzNVq4+SzQGFhsy+eCyj0ksgLD1pYvSXZhMhIFoNs88qbn4vohF NWbr/79PFDN5Z8OD6eZ62dQuU0EBgR2/zQGhqEp2A5AIGyCpoGkeMjQbcEr8MTYw re11SdeDWdXudlgn6lCeVm1NB8/oaCRih7VTaNzHMTihyG2fS6Vfy9Tf1PcXXrZT 8r21wAISxES7QfMCxBB3jnlq+/3QYFG/dYLDZ8EDwa6ZCXyFRHirUQP6vrk9TG5k xVPIFH/QUwcWFaquGbvtpllAgn1tcSohpzMzDPqLIFSO031A1Xdn6JaYaUi9unO7 wOUS5MMYTJtXjQJ/lBjMFFCEMzGZ1VY74wwdHmyoBW9eA6DnfjTHsnhTpWvLbuHw fM0+/amC1YdZkMOmKWeSNkB0ESISQw6d7/pgT1px/ZyEktGtlnvOcybPpqVVFnnT 3llMAz6CW3UL59MvAvPk9dXKSeJBfsXVVQq21VVuNi/KHSE9tsYQnBgiVizDbrru npkQK4e+JU/GxTuioDK4/QrC89S9ZTvHcfiTFhpDt8DNxJdkmjjNi87m1UWfS1rL 3CqP9OqPU7Q=cruI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4985-1 June 09, 2021 intel-microcode vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in Intel Microcode. This may allow a local user to perform a privilege escalation attack. (CVE-2021-24489) Joseph Nuzman discovered that some Intel processors may not properly apply EIBRS mitigations (originally developed for CVE-2017-5715) and hence may allow unauthorized memory reads via sidechannel attacks. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2020-24511) Travis Downs discovered that some Intel processors did not properly flush cache-lines for trivial-data values. This may allow an unauthorized user to infer the presence of these trivial-data-cache-lines via timing sidechannel attacks. A local attacker could use this to expose sensitive information. (CVE-2020-24512) It was discovered that certain Intel Atom processors could expose memory contents stored in microarchitectural buffers. A local attacker could use this to expose sensitive information. (CVE-2020-24513) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: intel-microcode 3.20210608.0ubuntu0.21.04.1 Ubuntu 20.10: intel-microcode 3.20210608.0ubuntu0.20.10.1 Ubuntu 20.04 LTS: intel-microcode 3.20210608.0ubuntu0.20.04.1 Ubuntu 18.04 LTS: intel-microcode 3.20210608.0ubuntu0.18.04.1 Ubuntu 16.04 ESM: intel-microcode 3.20210608.0ubuntu0.16.04.1+esm1 Ubuntu 14.04 ESM: intel-microcode 3.20210608.0ubuntu0.14.04.1+esm1 After a standard system update you need to reboot your computer to make all the necessary changes

Trust: 1.62

sources: NVD: CVE-2020-24513 // VULHUB: VHN-178399 // VULMON: CVE-2020-24513 // PACKETSTORM: 169079 // PACKETSTORM: 163040 // PACKETSTORM: 163042 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163048

AFFECTED PRODUCTS

vendor:intelmodel:atom c3950scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3308scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3958scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3350scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-l13g4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3708scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver n5000scope:eqversion: -

Trust: 1.0

vendor:intelmodel:p5921bscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j3455scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j4105scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x5-a3930scope:eqversion: -

Trust: 1.0

vendor:intelmodel:p5931bscope:eqversion: -

Trust: 1.0

vendor:intelmodel:p5962bscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n4200scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3336scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3350escope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4100scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver j5040scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3508scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3558scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium j6425scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n6415scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver n5030scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3558rcscope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x6425escope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j6413scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n6211scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic et 200sp open controllerscope:ltversion:0209_0105

Trust: 1.0

vendor:intelmodel:celeron j3355escope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium j4205scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom p5942bscope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x5-a3940scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3758scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3450scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x5-a3960scope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:intelmodel:atom c3858scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x6427fescope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3338rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3750scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3850scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc127escope:ltversion:21.01.07

Trust: 1.0

vendor:intelmodel:atom x6211escope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-l16g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x6212rescope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j4005scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3758rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3808scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4000scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3538scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x5-a3950scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3436lscope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x6413escope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:intelmodel:celeron n4020scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j3455escope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver j5005scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic drive controllerscope:eqversion:*

Trust: 1.0

vendor:intelmodel:atom x6200fescope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j4125scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3955scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4120scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n4200escope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3558rscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j3355scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j4025scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3338scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x6425rescope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom c3830scope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2020-24513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24513
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202106-632
value: MEDIUM

Trust: 0.6

VULHUB: VHN-178399
value: LOW

Trust: 0.1

VULMON: CVE-2020-24513
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-24513
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-178399
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-24513
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-178399 // VULMON: CVE-2020-24513 // CNNVD: CNNVD-202106-632 // NVD: CVE-2020-24513

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-24513

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 163048 // CNNVD: CNNVD-202106-632

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-632

PATCH

title:Intel Atom Processors Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155259

Trust: 0.6

title:Red Hat: CVE-2020-24513url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2020-24513

Trust: 0.1

title:Debian CVElist Bug Report Logs: intel-microcode: CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVE-2021-24489 (INTEL-SA-00464, INTEL-SA-00465, INTEL-SA-00442)url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5d902b5a89823da316827bef43ff1012

Trust: 0.1

title:Debian Security Advisories: DSA-4934-1 intel-microcode -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=4ad7d48e75ab61a8e061047171de2577

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-24513 log

Trust: 0.1

title:Arch Linux Advisories: [ASA-202106-34] intel-ucode: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-34

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=240e27e5c8fba28153598a375a2a4130

Trust: 0.1

sources: VULMON: CVE-2020-24513 // CNNVD: CNNVD-202106-632

EXTERNAL IDS

db:NVDid:CVE-2020-24513

Trust: 2.4

db:SIEMENSid:SSA-309571

Trust: 1.7

db:PACKETSTORMid:163031

Trust: 0.7

db:AUSCERTid:ESB-2021.4047

Trust: 0.6

db:AUSCERTid:ESB-2021.2537

Trust: 0.6

db:AUSCERTid:ESB-2021.1996

Trust: 0.6

db:AUSCERTid:ESB-2021.2088

Trust: 0.6

db:AUSCERTid:ESB-2021.2258

Trust: 0.6

db:AUSCERTid:ESB-2021.2243

Trust: 0.6

db:AUSCERTid:ESB-2021.3443

Trust: 0.6

db:CS-HELPid:SB2021062128

Trust: 0.6

db:CS-HELPid:SB2021062701

Trust: 0.6

db:CS-HELPid:SB2021081109

Trust: 0.6

db:ICS CERTid:ICSA-21-222-05

Trust: 0.6

db:LENOVOid:LEN-62742

Trust: 0.6

db:CNNVDid:CNNVD-202106-632

Trust: 0.6

db:PACKETSTORMid:163044

Trust: 0.2

db:PACKETSTORMid:163040

Trust: 0.2

db:PACKETSTORMid:163042

Trust: 0.2

db:PACKETSTORMid:163043

Trust: 0.2

db:PACKETSTORMid:163048

Trust: 0.2

db:PACKETSTORMid:163037

Trust: 0.1

db:PACKETSTORMid:163047

Trust: 0.1

db:PACKETSTORMid:163032

Trust: 0.1

db:PACKETSTORMid:163036

Trust: 0.1

db:PACKETSTORMid:163046

Trust: 0.1

db:VULHUBid:VHN-178399

Trust: 0.1

db:VULMONid:CVE-2020-24513

Trust: 0.1

db:PACKETSTORMid:169079

Trust: 0.1

sources: VULHUB: VHN-178399 // VULMON: CVE-2020-24513 // PACKETSTORM: 169079 // PACKETSTORM: 163040 // PACKETSTORM: 163042 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163048 // CNNVD: CNNVD-202106-632 // NVD: CVE-2020-24513

REFERENCES

url:https://www.debian.org/security/2021/dsa-4934

Trust: 1.8

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2020-24513

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24511

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-24512

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-24513

Trust: 0.6

url:https://packetstormsecurity.com/files/163031/red-hat-security-advisory-2021-2299-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081109

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-62742

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6501139

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2537

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1996

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520482

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2243

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2088

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2258

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062128

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062701

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3443

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4047

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-atom-processor-information-disclosure-via-domain-bypass-transient-execution-35665

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-24489

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-24511

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-24489

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-24512

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/readme.debian))

Trust: 0.1

url:https://github.com/intel/intel-linux-processor-microcode-data-files/issues/56)

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://github.com/intel/intel-linux-processor-microcode-data-files/issues/31)

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/intel-microcode

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2307

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2308

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2301

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-24489

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/intel-microcode/3.20210608.0ubuntu0.20.10.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/intel-microcode/3.20210608.0ubuntu0.21.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/intel-microcode/3.20210608.0ubuntu0.20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/intel-microcode/3.20210608.0ubuntu0.18.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-4985-1

Trust: 0.1

sources: VULHUB: VHN-178399 // VULMON: CVE-2020-24513 // PACKETSTORM: 169079 // PACKETSTORM: 163040 // PACKETSTORM: 163042 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163048 // CNNVD: CNNVD-202106-632 // NVD: CVE-2020-24513

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202106-632

SOURCES

db:VULHUBid:VHN-178399
db:VULMONid:CVE-2020-24513
db:PACKETSTORMid:169079
db:PACKETSTORMid:163040
db:PACKETSTORMid:163042
db:PACKETSTORMid:163043
db:PACKETSTORMid:163044
db:PACKETSTORMid:163048
db:CNNVDid:CNNVD-202106-632
db:NVDid:CVE-2020-24513

LAST UPDATE DATE

2024-11-27T22:19:02.454000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-178399date:2022-04-22T00:00:00
db:VULMONid:CVE-2020-24513date:2021-08-10T00:00:00
db:CNNVDid:CNNVD-202106-632date:2022-04-24T00:00:00
db:NVDid:CVE-2020-24513date:2022-04-22T16:20:19.347

SOURCES RELEASE DATE

db:VULHUBid:VHN-178399date:2021-06-09T00:00:00
db:VULMONid:CVE-2020-24513date:2021-06-09T00:00:00
db:PACKETSTORMid:169079date:2021-06-28T19:12:00
db:PACKETSTORMid:163040date:2021-06-09T13:40:18
db:PACKETSTORMid:163042date:2021-06-09T13:40:32
db:PACKETSTORMid:163043date:2021-06-09T13:40:40
db:PACKETSTORMid:163044date:2021-06-09T13:40:48
db:PACKETSTORMid:163048date:2021-06-09T13:42:19
db:CNNVDid:CNNVD-202106-632date:2021-06-08T00:00:00
db:NVDid:CVE-2020-24513date:2021-06-09T19:15:08.963