ID

VAR-202106-0349


CVE

CVE-2020-24489


TITLE

Debian Security Advisory 4934-1

Trust: 0.1

sources: PACKETSTORM: 169079

DESCRIPTION

Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. For the stable distribution (buster), these problems have been fixed in version 3.20210608.2~deb10u1. Note that there are two reported regressions; for some CoffeeLake CPUs this update may break iwlwifi (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56) and some for Skylake R0/D0 CPUs on systems using a very outdated firmware/BIOS, the system may hang on boot: (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31) If you are affected by those issues, you can recover by disabling microcode loading on boot (as documented in README.Debian (also available online at https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian)) We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDXan0ACgkQEMKTtsN8 Tja9aQ//f1dHsEghQsedGnkMCIa2qLi12UFtb4yW7TYV6uwloqbYZMbymvoXYOAB haasn+yCaGUkXuAHxcGvZuN41EkRhdG4LfS5qoZxPMsw84ETjpV2Ohwhuqwf9P20 9pqV1QLjVPCMiCqvHatkzyRNPtRhIh0uCRx5HtIeOEyKTwhVnUJrrljUXCzMDviD 3As0n0yVUPDIcJdaVxp5mxyebf1NyIYMR+7wmzTBOhK6i+rEE4NkKGkcsYBIM1ch AdTQNHv78QZld6ixL8iCUe1NsSugZ2QjbVL1BLW45fJv3f0BIF5uo6LBzbiJlN/6 xWwOdFTfqW1ORyr0k6JQ+yKz3oSE+jfUStwf+zegWOjYes5gGaA/nATzzNwwFfCQ qDqMmnN26qMI3MswP50ESkNs2JTK3955cIJjnscp5DeFArDuCFKh9wcqSZ46/QCE GVRi+F/Dh3JQxv/jP8jfLhCvkBptuendGo9qK5v22QoeCRoHS16dLu7HHP34hRrw k//EgtP35pD9eTNiIsxhmx3qTPD0gbQbcMG/5NTVtpNqsffAxYtqTy8+/4lfPkNn AYtYrrG6tjEHe1gasLkjthB7c0YLzPLdNyZkNIk6XZ2YIhx18N80c7gTBERSJ1Sh 9lmsnX3+5GWM7Fx2NN2vL5xIEo0einMJCyTlNMRDLim2ix1vpZg= =RVf2 -----END PGP SIGNATURE----- . 6 ELS) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2021:2305-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2305 Issue date: 2021-06-08 CVE Names: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 ==================================================================== 1. Summary: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The microcode_ctl packages provide microcode updates for Intel. Security Fix(es): * hw: vt-d related privilege escalation (CVE-2020-24489) * hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511) * hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512) * hw: information disclosure on some Intel Atom processors (CVE-2020-24513) Bug Fix(es) and Enhancement(s): * Update Intel CPU microcode to microcode-20210525 release 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2020-24511 https://access.redhat.com/security/cve/CVE-2020-24512 https://access.redhat.com/security/cve/CVE-2020-24513 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMAkjNzjgjWX9erEAQj9Rw//aAXwJWN2Q/e3KJ6n+bdhBXSWxMI+ro7r 86Elrmw3BY2uTNbkjEorxQfON15ZawMJn0eNprNGA4gxRJ1/OlV+bMXcXsHcxdwt 2ndTxSL9G3xd+B3j6L8N2YQAXzCSzJT2ohbFPntZeMDpd6hILbNO+XDmnPu0uEsh E1Rl1BNsQJGoJ9yrrk9hqae2erlB2nTuDwYcNN6YWANkpWxPnzrJBRt115hBL/Xm Gh9vsxTC98/V+TWn0o0gLDUr0sM21KhD2U8F3byxBQB4Kr4Y0X34U12whwHkG95b m+HKj38OHmwhm+JZV68AsVBbnaa4TM3ilccuAVujxcW10IyXZBsmBFoEnIQ5Y7mm X8Bc5goFlKet/cDqwwUDBvjFfXfC61+2N4gRnWp48b8+vojs+T6JsurrCJbRhXjL gy8adoRwG3zNj+0xh7sHjX7XkIYFwrWMxiFHUaJWMV8pfx6NvGJJTiRR6n1+nKJt scM4MX7RUnLlcmRMbN4HpU4Kg7CLqI3dgiJ1XAgIUyB4Xvsb+Ckp/M8EB9I+GLDP Z4feYJ/cplYpSCcRG0xxHsnqrDFgAI0P/KVy9GQeAaXWWVwQzP5vHr+tauLSaEae q4MCBAMQQ69TX2rSLhnwtH1fpVuBsZibIN3QAikZM///peIXrNcmR4jPBVRPU6p+ ulH8AIb5GRA=sYI9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.8

sources: NVD: CVE-2020-24489 // VULHUB: VHN-178372 // PACKETSTORM: 169079 // PACKETSTORM: 163772 // PACKETSTORM: 163956 // PACKETSTORM: 163758 // PACKETSTORM: 163031 // PACKETSTORM: 163036 // PACKETSTORM: 163043 // PACKETSTORM: 163046 // PACKETSTORM: 163047

AFFECTED PRODUCTS

vendor:intelmodel:core i5-11500scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10310uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10850kscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2920scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-l13g4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1035g4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10885hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1195g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10100tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-1120g4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-11900hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10500escope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3150scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1060g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1035g1scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver j5040scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11400scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11700bscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j3160scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2820scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j6413scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-11900kfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10700tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11600kfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10100scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10325scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3160scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10100yscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n3530scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-11980hkscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10100escope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2930scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver n6000scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10810uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10500tescope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-1000g1scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10910scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-11900kscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3050scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1160g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10100tescope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n3540scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10300tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10750hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10305tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10110uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver n6005scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j4025scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3010scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium j4205scope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:intelmodel:core i3-1115grescope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10500hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11850hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10310yscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2810scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1035g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3350scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n5100scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10200hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1145g7escope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10300scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3060scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-11100bscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11600tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium j3710scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j4105scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10505scope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x5-e3940scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10900kscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10210uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n3510scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10850hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n6211scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n6415scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver n5030scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j3355escope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11390hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10700scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10900escope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3450scope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:intelmodel:core i9-10900fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2807scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1135g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-l16g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10500tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11700fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j1800scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j3060scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2815scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11320hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11700tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2808scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10700kscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11370hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium j6426scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2830scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n4200escope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10400hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-11900kbscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10105fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1145g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10320scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11400hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-11900scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10300hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n3700scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11600kscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n5095scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11375hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10210yscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10400tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10600kfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11700kfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j6412scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1185g7escope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j3455scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-1000g4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n4200scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3350escope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4100scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11500hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10870hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10600scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j1850scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2910scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1060ng7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1185grescope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11500bscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1030ng7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10400scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11700scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10700fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-1005g1scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-11900fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1140g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j4005scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n5105scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1145grescope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2940scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10510uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4000cscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10700tescope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10900tescope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1155g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1030g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-1000ng4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j4125scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-1125g4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11600scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10610uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2806scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10700escope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1165g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10900scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j3355scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-1110g4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10710uscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11400fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4020scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j1750scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4020cscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1130g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10105scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1068ng7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1030g4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-1115g4scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n3000scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j4115scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver n5000scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10875hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1065g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10105tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10900tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4500scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1180g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n6210scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10100fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11800hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x7-e3950scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11260hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10600tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n3520scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11500tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10600kscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2805scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11300hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n2840scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-11700kscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4000scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10980hkscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-1038ng7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-1185g7scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10305scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium j2850scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10400fscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver j5005scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j3455escope:eqversion: -

Trust: 1.0

vendor:intelmodel:atom x5-e3930scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-10110yscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron j1900scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-10500scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-11900tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10510yscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i7-10700kfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-11950hscope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4120scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium n3710scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i9-10900kfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium j2900scope:eqversion: -

Trust: 1.0

vendor:intelmodel:celeron n4505scope:eqversion: -

Trust: 1.0

vendor:intelmodel:pentium silver a1030scope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i5-11400tscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core i3-1115g4escope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2020-24489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24489
value: HIGH

Trust: 1.0

VULHUB: VHN-178372
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-24489
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-178372
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-24489
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-178372 // NVD: CVE-2020-24489

PROBLEMTYPE DATA

problemtype:CWE-459

Trust: 1.1

sources: VULHUB: VHN-178372 // NVD: CVE-2020-24489

EXTERNAL IDS

db:NVDid:CVE-2020-24489

Trust: 2.0

db:PACKETSTORMid:163047

Trust: 0.2

db:PACKETSTORMid:163043

Trust: 0.2

db:PACKETSTORMid:163031

Trust: 0.2

db:PACKETSTORMid:163036

Trust: 0.2

db:PACKETSTORMid:163046

Trust: 0.2

db:PACKETSTORMid:163037

Trust: 0.1

db:PACKETSTORMid:163044

Trust: 0.1

db:PACKETSTORMid:163040

Trust: 0.1

db:PACKETSTORMid:163042

Trust: 0.1

db:PACKETSTORMid:163242

Trust: 0.1

db:PACKETSTORMid:163032

Trust: 0.1

db:PACKETSTORMid:163240

Trust: 0.1

db:VULHUBid:VHN-178372

Trust: 0.1

db:PACKETSTORMid:169079

Trust: 0.1

db:PACKETSTORMid:163772

Trust: 0.1

db:PACKETSTORMid:163956

Trust: 0.1

db:PACKETSTORMid:163758

Trust: 0.1

sources: VULHUB: VHN-178372 // PACKETSTORM: 169079 // PACKETSTORM: 163772 // PACKETSTORM: 163956 // PACKETSTORM: 163758 // PACKETSTORM: 163031 // PACKETSTORM: 163036 // PACKETSTORM: 163043 // PACKETSTORM: 163046 // PACKETSTORM: 163047 // NVD: CVE-2020-24489

REFERENCES

url:https://www.debian.org/security/2021/dsa-4934

Trust: 1.1

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24511

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-24512

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-24489

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2020-24511

Trust: 0.8

url:https://access.redhat.com/articles/11258

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2020-24512

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2020-24489

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.8

url:https://access.redhat.com/security/team/key/

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-24513

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-24513

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-8696

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8698

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8698

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-0549

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-0543

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8695

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8695

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-0549

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-0543

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8696

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-0548

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-0548

Trust: 0.3

url:https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/readme.debian))

Trust: 0.1

url:https://github.com/intel/intel-linux-processor-microcode-data-files/issues/56)

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://github.com/intel/intel-linux-processor-microcode-data-files/issues/31)

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/intel-microcode

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3029

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3322

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3028

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2299

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2300

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2301

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2305

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2303

Trust: 0.1

sources: VULHUB: VHN-178372 // PACKETSTORM: 169079 // PACKETSTORM: 163772 // PACKETSTORM: 163956 // PACKETSTORM: 163758 // PACKETSTORM: 163031 // PACKETSTORM: 163036 // PACKETSTORM: 163043 // PACKETSTORM: 163046 // PACKETSTORM: 163047 // NVD: CVE-2020-24489

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 163772 // PACKETSTORM: 163956 // PACKETSTORM: 163758 // PACKETSTORM: 163031 // PACKETSTORM: 163036 // PACKETSTORM: 163043 // PACKETSTORM: 163046 // PACKETSTORM: 163047

SOURCES

db:VULHUBid:VHN-178372
db:PACKETSTORMid:169079
db:PACKETSTORMid:163772
db:PACKETSTORMid:163956
db:PACKETSTORMid:163758
db:PACKETSTORMid:163031
db:PACKETSTORMid:163036
db:PACKETSTORMid:163043
db:PACKETSTORMid:163046
db:PACKETSTORMid:163047
db:NVDid:CVE-2020-24489

LAST UPDATE DATE

2024-12-21T22:04:55.411000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-178372date:2022-04-06T00:00:00
db:NVDid:CVE-2020-24489date:2022-04-06T17:07:37.537

SOURCES RELEASE DATE

db:VULHUBid:VHN-178372date:2021-06-09T00:00:00
db:PACKETSTORMid:169079date:2021-06-28T19:12:00
db:PACKETSTORMid:163772date:2021-08-10T14:49:53
db:PACKETSTORMid:163956date:2021-08-31T15:44:21
db:PACKETSTORMid:163758date:2021-08-09T14:15:45
db:PACKETSTORMid:163031date:2021-06-09T13:26:32
db:PACKETSTORMid:163036date:2021-06-09T13:28:02
db:PACKETSTORMid:163043date:2021-06-09T13:40:40
db:PACKETSTORMid:163046date:2021-06-09T13:42:01
db:PACKETSTORMid:163047date:2021-06-09T13:42:12
db:NVDid:CVE-2020-24489date:2021-06-09T20:15:08.140