IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Fedora
Ibm
  • Aix
  • Power9
  • Vios
Oracle
  • Communications Cloud Native Core Binding Support Function
  • Communications Cloud Native Core Network Exposure Function
  • Communications Cloud Native Core Policy
Redhat
  • Enterprise Linux

Configuration 1 [-]

AND
OR cpe:2.3:a:ibm:vios:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:vios:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:vios:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:7.1.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:7.1.5:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:ibm:power9:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.9.1.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:1988 2022-05-10T00:00:00Z
References
Link Providers
http://www.openwall.com/lists/oss-security/2020/11/20/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2020/11/23/1 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/189296 cve-icon cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/ cve-icon cve-icon
https://lore.kernel.org/linuxppc-dev/20201119231333.361771-1-dja@axtens.net/T/#me4f6a44748747e3327d27cd95200bf7a87486ffc cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-4788 cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-4788 cve-icon
https://www.ibm.com/support/pages/node/6370729 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2020/11/20/3 cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2020-11-20T03:45:13.599036Z

Updated: 2024-09-16T19:05:08.453Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4788

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-11-20T04:15:11.063

Modified: 2023-11-07T03:23:17.007

Link: CVE-2020-4788

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-11-20T00:00:00Z

Links: CVE-2020-4788 - Bugzilla