Vulnerability CVE-2020-24512

Vulnerability Name:

CVE-2020-24512 (CCN-203396)

Assigned:

2020-08-19

Published:

2021-06-08

Updated:

2021-09-09

Summary:

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS v3 Severity:

3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

2.8 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)
2.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

2.8 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)
2.5 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

1.0 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-203
CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-24512

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf

Source: XF
Type: UNKNOWN
intel-cve202024512-info-disc(203396)

Source: MLIST
Type: Third Party Advisory
[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210611-0005/

Source: CCN
Type: Lenovo Security Advisory: LEN-62742
Multi-vendor BIOS Security Vulnerabilities (June 2021)

Source: DEBIAN
Type: Third Party Advisory
DSA-4934

Source: CCN
Type: IBM Security Bulletin 6501139 (QRadar Network Packet Capture Software)
Kernel as used by IBM QRadar Network Packet Capture contains multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6520482 (QRadar SIEM)
Linux Kernel as used by IBM QRadar SIEM contains multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6569535 (Cloud Pak System)
Multiple Vulnerabilities in Intel Processors affect Cloud Pak System

Source: CCN
Type: INTEL-SA-00464
2021.1 IPU Intel Processor Advisory

Source: MISC
Type: Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html

Vulnerable Configuration:

Configuration 1:

cpe:/o:intel:microcode:*:*:*:*:*:*:*:* (Version < 20210608)

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:netapp:fas/aff_bios:-:*:*:*:*:*:*:*

OR cpe:/o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*

OR cpe:/o:netapp:solidfire_bios:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:rhel_els:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7821	P	ucode-intel-20230214-150200.21.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:718	P	Security update for java-1_8_0-ibm (Important)	2022-08-31
oval:org.opensuse.security:def:3619	P	Security update for expat (Important)	2022-07-06
oval:org.opensuse.security:def:3435	P	at-3.1.14-8.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3214	P	libmysqlclient18-10.0.40.1-2.9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94547	P	expat-2.4.4-150400.2.24 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94844	P	ucode-intel-20220207-10.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:375	P	ucode-intel-20220207-10.1 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:99477	P	(Important)	2022-01-25
oval:org.opensuse.security:def:113549	P	ucode-intel-20210608-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106940	P	ucode-intel-20210608-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:99676	P	(Important)	2021-09-03
oval:org.opensuse.security:def:99984	P	(Moderate)	2021-08-23
oval:com.redhat.rhsa:def:20213028	P	RHSA-2021:3028: microcode_ctl security, bug fix and enhancement update (Important)	2021-08-09
oval:org.opensuse.security:def:101260	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:com.redhat.rhsa:def:20213027	P	RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important)	2021-08-09
oval:org.opensuse.security:def:111575	P	Security update for ucode-intel (Important)	2021-07-10
oval:org.opensuse.security:def:40578	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:41570	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:45008	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:46000	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:38241	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:111435	P	Security update for ucode-intel (Important)	2021-06-16
oval:org.opensuse.security:def:31197	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:60284	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:99278	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:56033	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:87406	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:73830	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:83297	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:8976	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92527	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:125552	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:33668	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:69668	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:29381	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:58765	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:89404	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:51907	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:85661	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:97056	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:10099	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:93231	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:91942	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:42089	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:31637	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:64524	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:57020	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:88136	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:83417	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:9345	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92726	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:126722	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:33926	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:69867	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:101449	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:30090	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:59491	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:98892	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:107926	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:55204	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:86101	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:97057	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:10278	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:8602	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92137	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:32116	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:64708	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:23596	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:57460	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:88449	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:84158	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:9528	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92925	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:127119	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:34461	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:70239	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:30210	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:59749	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:99087	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:55913	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:86580	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:73646	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:82588	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:8781	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92328	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:117441	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:32942	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:69485	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:23919	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:57939	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:89146	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:51584	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:84616	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:97055	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:9727	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:93078	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:70418	P	Security update for ucode-intel (Important)	2021-06-10
oval:com.redhat.rhsa:def:20212299	P	RHSA-2021:2299: microcode_ctl security, bug fix and enhancement update (Important)	2021-06-09
oval:com.redhat.rhsa:def:20212305	P	RHSA-2021:2305: microcode_ctl security, bug fix and enhancement update (Important)	2021-06-09
oval:com.redhat.rhsa:def:20212308	P	RHSA-2021:2308: microcode_ctl security, bug fix and enhancement update (Important)	2021-06-09

BACK