CVE-2020-24511 - OpenCVE

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Intel	Microcode
Netapp	Fas\/aff Bios Hci Compute Node Bios Solidfire Bios
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

Configuration 1 [-]

cpe:2.3:o:intel:microcode:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:netapp:fas\/aff_bios:-:::::::*
	cpe:2.3:o:netapp:hci_compute_node_bios:-:::::::*
	cpe:2.3:o:netapp:solidfire_bios:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
microcode_ctl-2:1.17-33.33.el6_10	cpe:/o:redhat:rhel_els:6	RHSA-2021:2299	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7
microcode_ctl-2:2.1-73.9.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:2305	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-73.11.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:3028	2021-08-09T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
microcode_ctl-2:2.1-12.37.el7_2	cpe:/o:redhat:rhel_aus:7.2	RHSA-2021:2300	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-12.39.el7_2	cpe:/o:redhat:rhel_aus:7.2	RHSA-2021:3323	2021-08-31T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
microcode_ctl-2:2.1-16.40.el7_3	cpe:/o:redhat:rhel_aus:7.3	RHSA-2021:2302	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-16.42.el7_3	cpe:/o:redhat:rhel_aus:7.3	RHSA-2021:3322	2021-08-31T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
microcode_ctl-2:2.1-22.39.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2021:2301	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-22.41.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2021:3255	2021-08-24T00:00:00Z
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
microcode_ctl-2:2.1-22.39.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2021:2301	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-22.41.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2021:3255	2021-08-24T00:00:00Z
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
microcode_ctl-2:2.1-22.39.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2021:2301	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-22.41.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2021:3255	2021-08-24T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support
microcode_ctl-2:2.1-47.21.el7_6	cpe:/o:redhat:rhel_aus:7.6	RHSA-2021:2303	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-47.23.el7_6	cpe:/o:redhat:rhel_aus:7.6	RHSA-2021:3317	2021-08-31T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
microcode_ctl-2:2.1-47.21.el7_6	cpe:/o:redhat:rhel_tus:7.6	RHSA-2021:2303	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-47.23.el7_6	cpe:/o:redhat:rhel_tus:7.6	RHSA-2021:3317	2021-08-31T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
microcode_ctl-2:2.1-47.21.el7_6	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2021:2303	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-47.23.el7_6	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2021:3317	2021-08-31T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
microcode_ctl-2:2.1-53.16.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2021:2304	2021-06-09T00:00:00Z
microcode_ctl-2:2.1-53.18.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2021:3029	2021-08-10T00:00:00Z
Red Hat Enterprise Linux 8
microcode_ctl-4:20210216-1.20210525.1.el8_4	cpe:/o:redhat:enterprise_linux:8	RHSA-2021:2308	2021-06-09T00:00:00Z
microcode_ctl-4:20210216-1.20210608.1.el8_4	cpe:/o:redhat:enterprise_linux:8	RHSA-2021:3027	2021-08-09T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
microcode_ctl-4:20190618-1.20210525.1.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2021:2306	2021-06-09T00:00:00Z
microcode_ctl-4:20190618-1.20210608.1.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2021:3176	2021-08-17T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
microcode_ctl-4:20191115-4.20210525.1.el8_2	cpe:/o:redhat:rhel_eus:8.2	RHSA-2021:2307	2021-06-09T00:00:00Z
microcode_ctl-4:20191115-4.20210608.1.el8_2	cpe:/o:redhat:rhel_eus:8.2	RHSA-2021:3364	2021-08-31T00:00:00Z

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html
https://nvd.nist.gov/vuln/detail/CVE-2020-24511
https://security.netapp.com/advisory/ntap-20210611-0005/
https://www.cve.org/CVERecord?id=CVE-2020-24511
https://www.debian.org/security/2021/dsa-4934
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2021-06-09T18:53:53

Updated: 2024-08-04T15:12:09.012Z

Reserved: 2020-08-19T00:00:00

Link: CVE-2020-24511

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-09T19:15:08.897

Modified: 2021-09-09T12:55:19.680

Link: CVE-2020-24511

Redhat

Severity : Moderate

Publid Date: 2021-06-08T17:00:00Z

Links: CVE-2020-24511 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object