Vulnerability CVE-2020-24513 - CERT Civis.Net

Vulnerability Name:

CVE-2020-24513 (CCN-203407)

Assigned:

2020-08-19

Published:

2021-06-08

Updated:

2022-04-22

Summary:

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.6 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.8 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-noinfo
CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-24513

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf

Source: XF
Type: UNKNOWN
intel-cve202024513-info-disc(203407)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update

Source: CCN
Type: Lenovo Security Advisory: LEN-62742
Multi-vendor BIOS Security Vulnerabilities (June 2021)

Source: DEBIAN
Type: Third Party Advisory
DSA-4934

Source: CCN
Type: IBM Security Bulletin 6501139 (QRadar Network Packet Capture Software)
Kernel as used by IBM QRadar Network Packet Capture contains multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6520482 (QRadar SIEM)
Linux Kernel as used by IBM QRadar SIEM contains multiple vulnerabilities

Source: CCN
Type: INTEL-SA-00465
2021.1 IPU - Intel Atom Processor Advisory

Source: MISC
Type: Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html

Vulnerable Configuration:

Configuration 1:

cpe:/h:intel:atom_c3308:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3336:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3338:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3338r:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3436l:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3508:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3538:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3558:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3558r:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3558rc:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3708:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3750:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3758:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3758r:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3808:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3830:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3850:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3858:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3950:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3955:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c3958:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_p5942b:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x5-a3930:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x5-a3940:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x5-a3950:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x5-a3960:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x6200fe:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x6211e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x6212re:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x6413e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x6425e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x6425re:-:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_x6427fe:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_j3355:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_j3355e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_j3455:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_j3455e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_j4005:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_j4025:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_j4105:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_j4125:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_j6413:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_n3350:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_n3350e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_n3450:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_n4000:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_n4020:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_n4100:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_n4120:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_n6211:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-l13g4:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-l16g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:p5921b:-:*:*:*:*:*:*:*

OR cpe:/h:intel:p5931b:-:*:*:*:*:*:*:*

OR cpe:/h:intel:p5962b:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_j4205:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_j6425:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_n4200:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_n4200e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_n6415:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_silver_j5005:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_silver_j5040:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_silver_n5000:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_silver_n5030:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:siemens:simatic_drive_controller_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_drive_controller:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:* (Version < 0209_0105)

AND

cpe:/h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:* (Version < 21.01.07)

AND

cpe:/h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:rhel_els:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7821	P	ucode-intel-20230214-150200.21.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:718	P	Security update for java-1_8_0-ibm (Important)	2022-08-31
oval:org.opensuse.security:def:3619	P	Security update for expat (Important)	2022-07-06
oval:org.opensuse.security:def:3435	P	at-3.1.14-8.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3214	P	libmysqlclient18-10.0.40.1-2.9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94547	P	expat-2.4.4-150400.2.24 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94844	P	ucode-intel-20220207-10.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:375	P	ucode-intel-20220207-10.1 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:99477	P	(Important)	2022-01-25
oval:org.opensuse.security:def:113549	P	ucode-intel-20210608-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106940	P	ucode-intel-20210608-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:99676	P	(Important)	2021-09-03
oval:org.opensuse.security:def:99984	P	(Moderate)	2021-08-23
oval:org.opensuse.security:def:101260	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:111575	P	Security update for ucode-intel (Important)	2021-07-10
oval:org.opensuse.security:def:46000	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:38241	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:40578	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:41570	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:45008	P	Security update for microcode_ctl (Important)	2021-06-28
oval:org.opensuse.security:def:111435	P	Security update for ucode-intel (Important)	2021-06-16
oval:org.opensuse.security:def:32116	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:64708	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:23596	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:57460	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:88449	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:84158	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:9528	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92925	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:127119	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:34461	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:70239	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:30210	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:59749	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:99087	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:55913	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:86580	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:97056	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:73646	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:82588	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:8781	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92328	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:117441	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:32942	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:69485	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:23919	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:57939	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:89146	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:51584	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:84616	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:9727	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:93078	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:70418	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:31197	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:60284	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:99278	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:56033	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:87406	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:97057	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:73830	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:83297	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:8976	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92527	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:125552	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:33668	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:69668	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:29381	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:58765	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:89404	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:51907	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:85661	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:10099	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:93231	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:91942	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:42089	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:31637	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:64524	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:57020	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:88136	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:83417	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:9345	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92726	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:126722	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:33926	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:69867	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:101449	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:30090	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:59491	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:98892	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:107926	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:55204	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:86101	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:97055	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:10278	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:8602	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:92137	P	Security update for ucode-intel (Important)	2021-06-10
oval:com.redhat.rhsa:def:20212299	P	RHSA-2021:2299: microcode_ctl security, bug fix and enhancement update (Important)	2021-06-09
oval:com.redhat.rhsa:def:20212305	P	RHSA-2021:2305: microcode_ctl security, bug fix and enhancement update (Important)	2021-06-09
oval:com.redhat.rhsa:def:20212308	P	RHSA-2021:2308: microcode_ctl security, bug fix and enhancement update (Important)	2021-06-09