Vulnerability CVE-2021-0089

Vulnerability Name:

CVE-2021-0089 (CCN-203351)

Assigned:

2020-10-22

Published:

2021-06-08

Updated:

2022-05-24

Summary:

Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-203

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-0089

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

Source: XF
Type: UNKNOWN
intel-cve20210089-info-disc(203351)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-41d4347447

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-993693c914

Source: GENTOO
Type: Third Party Advisory
GLSA-202107-30

Source: DEBIAN
Type: Third Party Advisory
DSA-4931

Source: CCN
Type: INTEL-SA-00516
Intel Processors Software Developer Guidance Advisory

Source: MISC
Type: Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html

Vulnerable Configuration:

Configuration 1:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:intel:pentium_processors_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:intel:pentium_processors:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:intel:celeron_processors_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:intel:celeron_processors:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:intel:xeon_processors_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:intel:xeon_processors:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:intel:core_processors_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:intel:core_processors:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:intel:itanium_processors_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:intel:itanium_processors:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7987	P	apache-commons-compress-1.21-150200.3.13.4 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8050	P	perl-Archive-Extract-0.80-1.24 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7831	P	xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51952	P	Security update for libX11 (Moderate)	2022-11-15
oval:org.opensuse.security:def:767	P	Security update for sqlite3 (Moderate)	2022-09-19
oval:org.opensuse.security:def:95375	P	Security update for MozillaThunderbird (Important) (in QA)	2022-08-01
oval:org.opensuse.security:def:3225	P	libopus0-1.1-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3479	P	e2fsprogs-1.43.8-3.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3535	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3668	P	librelp0-1.2.12-3.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94855	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95165	P	xen-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94591	P	kernel-firmware-all-20220119-150400.2.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:388	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:93134	P	(Important)	2022-05-10
oval:org.opensuse.security:def:102088	P	Security update for icedtea-web (Important)	2022-04-19
oval:org.opensuse.security:def:99733	P	(Important)	2022-04-13
oval:org.opensuse.security:def:6160	P	Security update for apache2 (Important)	2022-02-16
oval:org.opensuse.security:def:41886	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:46316	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:30256	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:55256	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:82640	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:29433	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:55959	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:83343	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:30136	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:56079	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:83463	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:111049	P	Security update for xen (Important)	2021-09-07
oval:org.opensuse.security:def:32181	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:58820	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:86143	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:57088	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:84207	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:32997	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:86645	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31265	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:57502	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:84665	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:87461	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31679	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:58004	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:85729	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:23666	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:51654	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:23964	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:8650	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:88501	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:127162	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:99141	P	(Important)	2021-09-03
oval:org.opensuse.security:def:59534	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:89189	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33711	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:59792	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:125597	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:70290	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:89447	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:10150	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:69536	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33969	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:88185	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:126765	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:9396	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:5827	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:67249	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:98946	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:117484	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:96068	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:1627	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:10335	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92584	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99674	P	(Important)	2021-09-02
oval:org.opensuse.security:def:69725	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:34528	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:64568	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:109424	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:76317	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:93287	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:101498	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:9585	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:91996	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:102758	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:69076	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:118520	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:26117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:111699	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:73690	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92783	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99988	P	(Important)	2021-09-02
oval:org.opensuse.security:def:8835	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:69924	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100043	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:64757	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:102203	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:9784	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92191	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99139	P	(Important)	2021-09-02
oval:org.opensuse.security:def:69139	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99335	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:107970	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:73879	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92981	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100324	P	(Important)	2021-09-02
oval:org.opensuse.security:def:9030	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:101304	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:66916	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:5104	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92385	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99411	P	(Important)	2021-09-02
oval:org.opensuse.security:def:99534	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:60351	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:42117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:108754	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:75984	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100653	P	(Important)	2021-09-02
oval:org.opensuse.security:def:70475	P	Security update for xen (Important)	2021-09-02

BACK