Details of VAR-202106-0343

ID

VAR-202106-0343

CVE

CVE-2020-24511

TITLE

Intel Processors Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202106-634

DESCRIPTION

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel Processors (Intel processors) are Intel Corporation's processors that interpret computer instructions and process data in computer software. An authenticated attacker could exploit this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2021:2305-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2305 Issue date: 2021-06-08 CVE Names: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 ==================================================================== 1. Summary: An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The microcode_ctl packages provide microcode updates for Intel. Security Fix(es): * hw: vt-d related privilege escalation (CVE-2020-24489) * hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511) * hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512) * hw: information disclosure on some Intel Atom processors (CVE-2020-24513) Bug Fix(es) and Enhancement(s): * Update Intel CPU microcode to microcode-20210525 release 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 1962666 - CVE-2020-24513 hw: information disclosure on some Intel Atom processors 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: microcode_ctl-2.1-73.9.el7_9.src.rpm x86_64: microcode_ctl-2.1-73.9.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.9.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2020-24511 https://access.redhat.com/security/cve/CVE-2020-24512 https://access.redhat.com/security/cve/CVE-2020-24513 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMAkjNzjgjWX9erEAQj9Rw//aAXwJWN2Q/e3KJ6n+bdhBXSWxMI+ro7r 86Elrmw3BY2uTNbkjEorxQfON15ZawMJn0eNprNGA4gxRJ1/OlV+bMXcXsHcxdwt 2ndTxSL9G3xd+B3j6L8N2YQAXzCSzJT2ohbFPntZeMDpd6hILbNO+XDmnPu0uEsh E1Rl1BNsQJGoJ9yrrk9hqae2erlB2nTuDwYcNN6YWANkpWxPnzrJBRt115hBL/Xm Gh9vsxTC98/V+TWn0o0gLDUr0sM21KhD2U8F3byxBQB4Kr4Y0X34U12whwHkG95b m+HKj38OHmwhm+JZV68AsVBbnaa4TM3ilccuAVujxcW10IyXZBsmBFoEnIQ5Y7mm X8Bc5goFlKet/cDqwwUDBvjFfXfC61+2N4gRnWp48b8+vojs+T6JsurrCJbRhXjL gy8adoRwG3zNj+0xh7sHjX7XkIYFwrWMxiFHUaJWMV8pfx6NvGJJTiRR6n1+nKJt scM4MX7RUnLlcmRMbN4HpU4Kg7CLqI3dgiJ1XAgIUyB4Xvsb+Ckp/M8EB9I+GLDP Z4feYJ/cplYpSCcRG0xxHsnqrDFgAI0P/KVy9GQeAaXWWVwQzP5vHr+tauLSaEae q4MCBAMQQ69TX2rSLhnwtH1fpVuBsZibIN3QAikZM///peIXrNcmR4jPBVRPU6p+ ulH8AIb5GRA=sYI9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.71

sources: NVD: CVE-2020-24511 // VULHUB: VHN-178397 // PACKETSTORM: 163924 // PACKETSTORM: 163954 // PACKETSTORM: 163956 // PACKETSTORM: 163757 // PACKETSTORM: 163040 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163046

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	netapp	model:	solidfire bios	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci compute node bios	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	microcode	scope:	lt	version:	20210608	Trust: 1.0
vendor:	netapp	model:	fas\/aff bios	scope:	eq	version:	-	Trust: 1.0

sources: NVD: CVE-2020-24511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24511
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202106-634
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-178397
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-24511
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-178397
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-24511
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.0
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-178397 // CNNVD: CNNVD-202106-634 // NVD: CVE-2020-24511

PROBLEMTYPE DATA

problemtype:

CWE-668

Trust: 1.1

sources: VULHUB: VHN-178397 // NVD: CVE-2020-24511

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-634

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-634

PATCH

title:

Intel Processors Repair measures for information disclosure vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153292

Trust: 0.6

sources: CNNVD: CNNVD-202106-634

EXTERNAL IDS

db:	NVD	id:	CVE-2020-24511	Trust: 2.5
db:	SIEMENS	id:	SSA-309571	Trust: 1.7
db:	PACKETSTORM	id:	163031	Trust: 0.7
db:	PACKETSTORM	id:	163757	Trust: 0.7
db:	CS-HELP	id:	SB2021083127	Trust: 0.6
db:	CS-HELP	id:	SB2021081125	Trust: 0.6
db:	CS-HELP	id:	SB2021080917	Trust: 0.6
db:	CS-HELP	id:	SB2021062128	Trust: 0.6
db:	CS-HELP	id:	SB2021062701	Trust: 0.6
db:	CS-HELP	id:	SB2021081834	Trust: 0.6
db:	PACKETSTORM	id:	163772	Trust: 0.6
db:	PACKETSTORM	id:	163863	Trust: 0.6
db:	PACKETSTORM	id:	163993	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2537	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2905	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2258	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2243	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2088	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2945	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2721	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2010	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2672	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4047	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2797	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3443	Trust: 0.6
db:	LENOVO	id:	LEN-62742	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-222-05	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-634	Trust: 0.6
db:	PACKETSTORM	id:	163044	Trust: 0.2
db:	PACKETSTORM	id:	163040	Trust: 0.2
db:	PACKETSTORM	id:	163043	Trust: 0.2
db:	PACKETSTORM	id:	163046	Trust: 0.2
db:	PACKETSTORM	id:	163037	Trust: 0.1
db:	PACKETSTORM	id:	163047	Trust: 0.1
db:	PACKETSTORM	id:	163042	Trust: 0.1
db:	PACKETSTORM	id:	163048	Trust: 0.1
db:	PACKETSTORM	id:	163032	Trust: 0.1
db:	PACKETSTORM	id:	163036	Trust: 0.1
db:	VULHUB	id:	VHN-178397	Trust: 0.1
db:	PACKETSTORM	id:	163924	Trust: 0.1
db:	PACKETSTORM	id:	163954	Trust: 0.1
db:	PACKETSTORM	id:	163956	Trust: 0.1

sources: VULHUB: VHN-178397 // PACKETSTORM: 163924 // PACKETSTORM: 163954 // PACKETSTORM: 163956 // PACKETSTORM: 163757 // PACKETSTORM: 163040 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163046 // CNNVD: CNNVD-202106-634 // NVD: CVE-2020-24511

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210611-0005/	Trust: 1.7
url:	https://www.debian.org/security/2021/dsa-4934	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2020-24511	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24512	Trust: 0.8
url:	https://access.redhat.com/articles/11258	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2020-24512	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24489	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2020-24489	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.8
url:	https://access.redhat.com/security/team/key/	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24511	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://packetstormsecurity.com/files/163863/red-hat-security-advisory-2021-3176-01.html	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-62742	Trust: 0.6
url:	https://packetstormsecurity.com/files/163757/red-hat-security-advisory-2021-3027-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021081834	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2537	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520482	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2243	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2088	Trust: 0.6
url:	https://packetstormsecurity.com/files/163772/red-hat-security-advisory-2021-3029-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062128	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062701	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4047	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021081125	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021083127	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05	Trust: 0.6
url:	https://packetstormsecurity.com/files/163993/red-hat-security-advisory-2021-3364-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/163031/red-hat-security-advisory-2021-2299-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2905	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2721	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080917	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processor-information-disclosure-via-shared-resources-35664	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2945	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2672	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2010	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2258	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2797	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3443	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8696	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-8698	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8698	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0549	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-0543	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-8695	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8695	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-0549	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0543	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-8696	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0548	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-0548	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-24513	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24513	Trust: 0.4
url:	https://access.redhat.com/errata/rhsa-2021:3255	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3323	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3322	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3027	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2307	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2301	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2304	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2305	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 163924 // PACKETSTORM: 163954 // PACKETSTORM: 163956 // PACKETSTORM: 163757 // PACKETSTORM: 163040 // PACKETSTORM: 163043 // PACKETSTORM: 163044 // PACKETSTORM: 163046

SOURCES

db:	VULHUB	id:	VHN-178397
db:	PACKETSTORM	id:	163924
db:	PACKETSTORM	id:	163954
db:	PACKETSTORM	id:	163956
db:	PACKETSTORM	id:	163757
db:	PACKETSTORM	id:	163040
db:	PACKETSTORM	id:	163043
db:	PACKETSTORM	id:	163044
db:	PACKETSTORM	id:	163046
db:	CNNVD	id:	CNNVD-202106-634
db:	NVD	id:	CVE-2020-24511

LAST UPDATE DATE

2025-04-29T23:49:04.181000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-178397	date:	2021-09-09T00:00:00
db:	CNNVD	id:	CNNVD-202106-634	date:	2022-02-10T00:00:00
db:	NVD	id:	CVE-2020-24511	date:	2021-09-09T12:55:19.680

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-178397	date:	2021-06-09T00:00:00
db:	PACKETSTORM	id:	163924	date:	2021-08-27T19:22:22
db:	PACKETSTORM	id:	163954	date:	2021-08-31T15:43:48
db:	PACKETSTORM	id:	163956	date:	2021-08-31T15:44:21
db:	PACKETSTORM	id:	163757	date:	2021-08-09T14:15:37
db:	PACKETSTORM	id:	163040	date:	2021-06-09T13:40:18
db:	PACKETSTORM	id:	163043	date:	2021-06-09T13:40:40
db:	PACKETSTORM	id:	163044	date:	2021-06-09T13:40:48
db:	PACKETSTORM	id:	163046	date:	2021-06-09T13:42:01
db:	CNNVD	id:	CNNVD-202106-634	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2020-24511	date:	2021-06-09T19:15:08.897