| Vulnerability Name: | CVE-2020-24491 (CCN-196541) |
| Assigned: | 2020-08-19 |
| Published: | 2021-02-09 |
| Updated: | 2021-07-21 |
| Summary: | Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access.
|
| CVSS v3 Severity: | 4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): None
Availibility (A): None |
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): None
Availibility (A): None |
|
| CVSS v2 Severity: | 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
3.7 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:M/C:C/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Multiple_Instances
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None |
|
| Vulnerability Type: | CWE-312
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE
Type: CNA
CVE-2020-24491
Source: XF
Type: UNKNOWN
intel-cve202024491-info-disc(196541)
Source: CCN
Type: Lenovo Security Advisory: LEN-51719
Intel SGX Platform Advisory
Source: CCN
Type: INTEL-SA-00455
Intel SGX Platform Advisory
Source: MISC
Type: Patch, Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00455.html
|
| Vulnerable Configuration: | Configuration 1:
cpe:/h:intel:core_i3:1000g1:*:*:*:*:*:*:*OR cpe:/h:intel:core_i3:1000g4:*:*:*:*:*:*:*OR cpe:/h:intel:core_i3:1005g1:*:*:*:*:*:*:*OR cpe:/h:intel:core_i5:1030g4:*:*:*:*:*:*:*OR cpe:/h:intel:core_i5:1030g7:*:*:*:*:*:*:*OR cpe:/h:intel:core_i5:1035g1:*:*:*:*:*:*:*OR cpe:/h:intel:core_i5:1035g4:*:*:*:*:*:*:*OR cpe:/h:intel:core_i5:1035g7:*:*:*:*:*:*:*OR cpe:/h:intel:core_i7:1060g7:*:*:*:*:*:*:*OR cpe:/h:intel:core_i7:1065g7:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/h:intel:core_i5-10310y:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s940-14iwl:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:yoga_s940-14iwl:-:*:*:*:*:*:*:*OR cpe:/h:intel:core_i7-1060g7:-:*:*:*:*:*:*:*OR cpe:/h:intel:core_i7-1065g7:-:*:*:*:*:*:*:*OR cpe:/h:intel:core_i5-1030g7:-:*:*:*:*:*:*:*OR cpe:/h:intel:core_i5-1035g1:-:*:*:*:*:*:*:*OR cpe:/h:intel:core_i5-1035g4:-:*:*:*:*:*:*:*OR cpe:/h:intel:core_i5-1035g7:-:*:*:*:*:*:*:*OR cpe:/h:intel:core_i3-1000g1:-:*:*:*:*:*:*:*OR cpe:/h:intel:core_i3-1000g4:-:*:*:*:*:*:*:*OR cpe:/h:intel:core_i3-1005g1:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:c340-14api:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:c340-14iml:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:c340-15iil:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:c340-15iml:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:flex-15iwl:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:legion_y740-15irhg:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:legion_y740-17irhg:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s340-13iml:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s340-14api:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s340-14iil:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s340-14iml:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s340-14iwl:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s340-15api:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s340-15iml:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s340-15iwl:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s340-15iwl_touch:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s530-13iml:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s540-14api:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:s540-14iml:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:v145-14ast:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:v145-15ast:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:v330-14arr:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:v330-15ikb:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:v330-15isk:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:yoga_730-13iwl:-:*:*:*:*:*:*:*OR cpe:/h:lenovo:yoga_s740-14iil:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |