{"containers": {"cna": {"affected": [{"product": "Intel(R) Processors", "vendor": "n/a", "versions": [{"status": "affected", "version": "See references"}]}], "descriptions": [{"lang": "en", "value": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}], "problemTypes": [{"descriptions": [{"description": "information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-10T11:06:39", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"name": "DSA-4934", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4934"}, {"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2020-24511", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) Processors", "version": {"version_data": [{"version_value": "See references"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}, {"name": "https://security.netapp.com/advisory/ntap-20210611-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"name": "DSA-4934", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4934"}, {"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:09.012Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"name": "DSA-4934", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4934"}, {"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-24511", "datePublished": "2021-06-09T18:53:53", "dateReserved": "2020-08-19T00:00:00", "dateUpdated": "2024-08-04T15:12:09.012Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:microcode:*:*:*:*:*:*:*:*", "matchCriteriaId": "C76EBE1C-570F-485B-B850-9E3BB00240B2", "versionEndExcluding": "20210608", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:fas\\/aff_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "A714C8D4-9623-43C0-8AF8-8904566AD42C", "vulnerable": true}, {"criteria": "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C61DF9A-ABDE-44A2-A060-B088428D5064", "vulnerable": true}, {"criteria": "cpe:2.3:o:netapp:solidfire_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3BCF7CA-6C05-4FD5-A965-0F038F63D70A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "Un aislamiento inapropiado de los recursos compartidos en algunos Intel\u00ae Processors puede permitir a un usuario autenticado permitir potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso local"}], "id": "CVE-2020-24511", "lastModified": "2024-11-21T05:14:56.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-09T19:15:08.897", "references": [{"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4934"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4934"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Intel for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:2299", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "microcode_ctl-2:1.17-33.33.el6_10", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:2305", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "microcode_ctl-2:2.1-73.9.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3028", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "microcode_ctl-2:2.1-73.11.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-08-09T00:00:00Z"}, {"advisory": "RHSA-2021:2300", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "microcode_ctl-2:2.1-12.37.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3323", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "microcode_ctl-2:2.1-12.39.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2302", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "microcode_ctl-2:2.1-16.40.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3322", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "microcode_ctl-2:2.1-16.42.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2301", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "microcode_ctl-2:2.1-22.39.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3255", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "microcode_ctl-2:2.1-22.41.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:2301", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "microcode_ctl-2:2.1-22.39.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3255", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "microcode_ctl-2:2.1-22.41.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:2301", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "microcode_ctl-2:2.1-22.39.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3255", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "microcode_ctl-2:2.1-22.41.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:2303", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "microcode_ctl-2:2.1-47.21.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3317", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "microcode_ctl-2:2.1-47.23.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2303", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "microcode_ctl-2:2.1-47.21.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3317", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "microcode_ctl-2:2.1-47.23.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2303", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "microcode_ctl-2:2.1-47.21.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3317", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "microcode_ctl-2:2.1-47.23.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2304", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "microcode_ctl-2:2.1-53.16.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3029", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "microcode_ctl-2:2.1-53.18.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2021-08-10T00:00:00Z"}, {"advisory": "RHSA-2021:2308", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "microcode_ctl-4:20210216-1.20210525.1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3027", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "microcode_ctl-4:20210216-1.20210608.1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-09T00:00:00Z"}, {"advisory": "RHSA-2021:2306", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "microcode_ctl-4:20190618-1.20210525.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3176", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "microcode_ctl-4:20190618-1.20210608.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-08-17T00:00:00Z"}, {"advisory": "RHSA-2021:2307", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "microcode_ctl-4:20191115-4.20210525.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3364", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "microcode_ctl-4:20191115-4.20210608.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-08-31T00:00:00Z"}], "bugzilla": {"description": "hw: improper isolation of shared resources in some Intel Processors", "id": "1962702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access."], "name": "CVE-2020-24511", "public_date": "2021-06-08T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-24511\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24511"], "threat_severity": "Moderate"}