CVE-2020-24513 - Vulnerability Details

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Intel	Atom C3308 Atom C3336 Atom C3338 Atom C3338r Atom C3436l Atom C3508 Atom C3538 Atom C3558 Atom C3558r Atom C3558rc Atom C3708 Atom C3750 Atom C3758 Atom C3758r Atom C3808 Atom C3830 Atom C3850 Atom C3858 Atom C3950 Atom C3955 Atom C3958 Atom P5942b Atom X5-a3930 Atom X5-a3940 Atom X5-a3950 Atom X5-a3960 Atom X6200fe Atom X6211e Atom X6212re Atom X6413e Atom X6425e Atom X6425re Atom X6427fe Celeron J3355 Celeron J3355e Celeron J3455 Celeron J3455e Celeron J4005 Celeron J4025 Celeron J4105 Celeron J4125 Celeron J6413 Celeron N3350 Celeron N3350e Celeron N3450 Celeron N4000 Celeron N4020 Celeron N4100 Celeron N4120 Celeron N6211 Core I3-l13g4 Core I5-l16g7 P5921b P5931b P5962b Pentium J4205 Pentium J6425 Pentium N4200 Pentium N4200e Pentium N6415 Pentium Silver J5005 Pentium Silver J5040 Pentium Silver N5000 Pentium Silver N5030
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus
Siemens	Simatic Drive Controller Simatic Drive Controller Firmware Simatic Et 200sp Open Controller Simatic Et 200sp Open Controller Firmware Simatic Ipc127e Simatic Ipc127e Firmware

Configuration 1 [-]

OR	cpe:2.3:h:intel:atom_c3308:-:::::::*
	cpe:2.3:h:intel:atom_c3336:-:::::::*
	cpe:2.3:h:intel:atom_c3338:-:::::::*
	cpe:2.3:h:intel:atom_c3338r:-:::::::*
	cpe:2.3:h:intel:atom_c3436l:-:::::::*
	cpe:2.3:h:intel:atom_c3508:-:::::::*
	cpe:2.3:h:intel:atom_c3538:-:::::::*
	cpe:2.3:h:intel:atom_c3558:-:::::::*
	cpe:2.3:h:intel:atom_c3558r:-:::::::*
	cpe:2.3:h:intel:atom_c3558rc:-:::::::*
	cpe:2.3:h:intel:atom_c3708:-:::::::*
	cpe:2.3:h:intel:atom_c3750:-:::::::*
	cpe:2.3:h:intel:atom_c3758:-:::::::*
	cpe:2.3:h:intel:atom_c3758r:-:::::::*
	cpe:2.3:h:intel:atom_c3808:-:::::::*
	cpe:2.3:h:intel:atom_c3830:-:::::::*
	cpe:2.3:h:intel:atom_c3850:-:::::::*
	cpe:2.3:h:intel:atom_c3858:-:::::::*
	cpe:2.3:h:intel:atom_c3950:-:::::::*
	cpe:2.3:h:intel:atom_c3955:-:::::::*
	cpe:2.3:h:intel:atom_c3958:-:::::::*
	cpe:2.3:h:intel:atom_p5942b:-:::::::*
	cpe:2.3:h:intel:atom_x5-a3930:-:::::::*
	cpe:2.3:h:intel:atom_x5-a3940:-:::::::*
	cpe:2.3:h:intel:atom_x5-a3950:-:::::::*
	cpe:2.3:h:intel:atom_x5-a3960:-:::::::*
	cpe:2.3:h:intel:atom_x6200fe:-:::::::*
	cpe:2.3:h:intel:atom_x6211e:-:::::::*
	cpe:2.3:h:intel:atom_x6212re:-:::::::*
	cpe:2.3:h:intel:atom_x6413e:-:::::::*
	cpe:2.3:h:intel:atom_x6425e:-:::::::*
	cpe:2.3:h:intel:atom_x6425re:-:::::::*
	cpe:2.3:h:intel:atom_x6427fe:-:::::::*
	cpe:2.3:h:intel:celeron_j3355:-:::::::*
	cpe:2.3:h:intel:celeron_j3355e:-:::::::*
	cpe:2.3:h:intel:celeron_j3455:-:::::::*
	cpe:2.3:h:intel:celeron_j3455e:-:::::::*
	cpe:2.3:h:intel:celeron_j4005:-:::::::*
	cpe:2.3:h:intel:celeron_j4025:-:::::::*
	cpe:2.3:h:intel:celeron_j4105:-:::::::*
	cpe:2.3:h:intel:celeron_j4125:-:::::::*
	cpe:2.3:h:intel:celeron_j6413:-:::::::*
	cpe:2.3:h:intel:celeron_n3350:-:::::::*
	cpe:2.3:h:intel:celeron_n3350e:-:::::::*
	cpe:2.3:h:intel:celeron_n3450:-:::::::*
	cpe:2.3:h:intel:celeron_n4000:-:::::::*
	cpe:2.3:h:intel:celeron_n4020:-:::::::*
	cpe:2.3:h:intel:celeron_n4100:-:::::::*
	cpe:2.3:h:intel:celeron_n4120:-:::::::*
	cpe:2.3:h:intel:celeron_n6211:-:::::::*
	cpe:2.3:h:intel:core_i3-l13g4:-:::::::*
	cpe:2.3:h:intel:core_i5-l16g7:-:::::::*
	cpe:2.3:h:intel:p5921b:-:::::::*
	cpe:2.3:h:intel:p5931b:-:::::::*
	cpe:2.3:h:intel:p5962b:-:::::::*
	cpe:2.3:h:intel:pentium_j4205:-:::::::*
	cpe:2.3:h:intel:pentium_j6425:-:::::::*
	cpe:2.3:h:intel:pentium_n4200:-:::::::*
	cpe:2.3:h:intel:pentium_n4200e:-:::::::*
	cpe:2.3:h:intel:pentium_n6415:-:::::::*
	cpe:2.3:h:intel:pentium_silver_j5005:-:::::::*
	cpe:2.3:h:intel:pentium_silver_j5040:-:::::::*
	cpe:2.3:h:intel:pentium_silver_n5000:-:::::::*
	cpe:2.3:h:intel:pentium_silver_n5030:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:simatic_drive_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_drive_controller:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
microcode_ctl-2:1.17-33.33.el6_10	cpe:/o:redhat:rhel_els:6	RHSA-2021:2299	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7
microcode_ctl-2:2.1-73.9.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:2305	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
microcode_ctl-2:2.1-12.37.el7_2	cpe:/o:redhat:rhel_aus:7.2	RHSA-2021:2300	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
microcode_ctl-2:2.1-16.40.el7_3	cpe:/o:redhat:rhel_aus:7.3	RHSA-2021:2302	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
microcode_ctl-2:2.1-22.39.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2021:2301	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
microcode_ctl-2:2.1-22.39.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2021:2301	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
microcode_ctl-2:2.1-22.39.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2021:2301	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
microcode_ctl-2:2.1-47.21.el7_6	cpe:/o:redhat:rhel_aus:7.6	RHSA-2021:2303	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
microcode_ctl-2:2.1-47.21.el7_6	cpe:/o:redhat:rhel_tus:7.6	RHSA-2021:2303	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
microcode_ctl-2:2.1-47.21.el7_6	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2021:2303	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
microcode_ctl-2:2.1-53.16.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2021:2304	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 8
microcode_ctl-4:20210216-1.20210525.1.el8_4	cpe:/o:redhat:enterprise_linux:8	RHSA-2021:2308	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
microcode_ctl-4:20190618-1.20210525.1.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2021:2306	2021-06-09T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
microcode_ctl-4:20191115-4.20210525.1.el8_2	cpe:/o:redhat:rhel_eus:8.2	RHSA-2021:2307	2021-06-09T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2718-1	intel-microcode security update
Debian DSA	DSA-4934-1	intel-microcode security update
EUVD	EUVD-2020-17233	Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Ubuntu USN	USN-4985-1	Intel Microcode vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html
https://nvd.nist.gov/vuln/detail/CVE-2020-24513
https://www.cve.org/CVERecord?id=CVE-2020-24513
https://www.debian.org/security/2021/dsa-4934
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2021-06-09T18:54:08

Updated: 2024-08-04T15:12:08.752Z

Reserved: 2020-08-19T00:00:00

Link: CVE-2020-24513

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-09T19:15:08.963

Modified: 2024-11-21T05:14:56.957

Link: CVE-2020-24513

Redhat

Severity : Moderate

Publid Date: 2021-06-08T17:00:00Z

Links: CVE-2020-24513 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object