{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-18T20:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions"}, {"tags": ["x_refsource_MISC"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html"}, {"name": "openSUSE-SU-2020:1692", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html"}, {"name": "openSUSE-SU-2020:1693", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13844", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "refsource": "CONFIRM", "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"}, {"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions", "refsource": "CONFIRM", "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions"}, {"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation", "refsource": "MISC", "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation"}, {"name": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html", "refsource": "CONFIRM", "url": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html"}, {"name": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html", "refsource": "CONFIRM", "url": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html"}, {"name": "openSUSE-SU-2020:1692", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html"}, {"name": "openSUSE-SU-2020:1693", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:32:13.103Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html"}, {"name": "openSUSE-SU-2020:1692", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html"}, {"name": "openSUSE-SU-2020:1693", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13844", "datePublished": "2020-06-08T22:46:03", "dateReserved": "2020-06-04T00:00:00", "dateUpdated": "2024-08-04T12:32:13.103Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a32_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A2DAFCD-0C51-412A-9CC9-F55112A93958", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a32:-:*:*:*:*:*:*:*", "matchCriteriaId": "049894EE-B2FB-45D9-A372-098F169075AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a35_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "75367522-84C2-4E5C-8A4C-1CA351D152E6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a35:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1CA84F9-EC36-4A57-BABC-8E74770D5327", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a53_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "35B01CAB-2DD1-47D5-A331-B6C7A658C5D5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a53:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF65826-F828-421F-8009-5AA5D25387E6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "68D895EC-B0A9-4292-AC64-60673F72C765", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*", "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "38768B2B-F1A3-4A76-8716-9520CA075F3D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7173A6DC-4D4E-424C-A922-C16D67627834", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*", "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a34_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "54C5AF1F-673C-4AB6-98B4-53407C1A88EA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a34:-:*:*:*:*:*:*:*", "matchCriteriaId": "075E31EF-1A88-4B29-99A4-475942FF5C7B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\""}, {"lang": "es", "value": "Las implementaciones principales de Arm Armv8-A, que usan la ejecuci\u00f3n especulativa m\u00e1s all\u00e1 de los cambios incondicionales en el flujo de control pueden permitir una divulgaci\u00f3n no autorizada de informaci\u00f3n a un atacante con acceso de usuario local por medio de un an\u00e1lisis de canal lateral, tambi\u00e9n se conoce como \"straight-line speculation.\""}], "id": "CVE-2020-13844", "lastModified": "2022-04-28T19:30:58.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-08T23:15:10.047", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ARM straight-line speculation vulnerability", "id": "1848279", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848279"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"", "A new speculative side-channel vulnerability was found that affects the ARM processor's code, 'Straight-line speculation.' This flaw allows a local attacker to infer cache contents through measuring timing access. The highest threat from this vulnerability is to confidentiality."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-13844", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-06-07T14:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-13844\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13844\nhttp://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844"], "threat_severity": "Moderate"}