{"containers": {"cna": {"affected": [{"product": "Intel(R) Processors", "vendor": "n/a", "versions": [{"status": "affected", "version": "See references"}]}], "descriptions": [{"lang": "en", "value": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}], "problemTypes": [{"descriptions": [{"description": "information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-10T11:06:20", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"name": "DSA-4934", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4934"}, {"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2020-24512", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) Processors", "version": {"version_data": [{"version_value": "See references"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}, {"name": "https://security.netapp.com/advisory/ntap-20210611-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"name": "DSA-4934", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4934"}, {"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:09.097Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"name": "DSA-4934", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4934"}, {"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2020-24512", "datePublished": "2021-06-09T18:53:59", "dateReserved": "2020-08-19T00:00:00", "dateUpdated": "2024-08-04T15:12:09.097Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:microcode:*:*:*:*:*:*:*:*", "matchCriteriaId": "C76EBE1C-570F-485B-B850-9E3BB00240B2", "versionEndExcluding": "20210608", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:fas\\/aff_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "A714C8D4-9623-43C0-8AF8-8904566AD42C", "vulnerable": true}, {"criteria": "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C61DF9A-ABDE-44A2-A060-B088428D5064", "vulnerable": true}, {"criteria": "cpe:2.3:o:netapp:solidfire_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3BCF7CA-6C05-4FD5-A965-0F038F63D70A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "Una discrepancia de sincronizaci\u00f3n observable en algunos Intel\u00ae Processors puede permitir a un usuario autenticado permitir potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio de un acceso local"}], "id": "CVE-2020-24512", "lastModified": "2024-11-21T05:14:56.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-09T19:15:08.930", "references": [{"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4934"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210611-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4934"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Intel for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:2299", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "microcode_ctl-2:1.17-33.33.el6_10", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:2305", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "microcode_ctl-2:2.1-73.9.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3028", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "microcode_ctl-2:2.1-73.11.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-08-09T00:00:00Z"}, {"advisory": "RHSA-2021:2300", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "microcode_ctl-2:2.1-12.37.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3323", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "microcode_ctl-2:2.1-12.39.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2302", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "microcode_ctl-2:2.1-16.40.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3322", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "microcode_ctl-2:2.1-16.42.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2301", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "microcode_ctl-2:2.1-22.39.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3255", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "microcode_ctl-2:2.1-22.41.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:2301", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "microcode_ctl-2:2.1-22.39.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3255", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "microcode_ctl-2:2.1-22.41.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:2301", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "microcode_ctl-2:2.1-22.39.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3255", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "microcode_ctl-2:2.1-22.41.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:2303", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "microcode_ctl-2:2.1-47.21.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3317", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "microcode_ctl-2:2.1-47.23.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2303", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "microcode_ctl-2:2.1-47.21.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3317", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "microcode_ctl-2:2.1-47.23.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2303", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "microcode_ctl-2:2.1-47.21.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3317", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "microcode_ctl-2:2.1-47.23.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:2304", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "microcode_ctl-2:2.1-53.16.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3029", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "microcode_ctl-2:2.1-53.18.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2021-08-10T00:00:00Z"}, {"advisory": "RHSA-2021:2308", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "microcode_ctl-4:20210216-1.20210525.1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3027", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "microcode_ctl-4:20210216-1.20210608.1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-09T00:00:00Z"}, {"advisory": "RHSA-2021:2306", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "microcode_ctl-4:20190618-1.20210525.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3176", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "microcode_ctl-4:20190618-1.20210608.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-08-17T00:00:00Z"}, {"advisory": "RHSA-2021:2307", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "microcode_ctl-4:20191115-4.20210525.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-06-09T00:00:00Z"}, {"advisory": "RHSA-2021:3364", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "microcode_ctl-4:20191115-4.20210608.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-08-31T00:00:00Z"}], "bugzilla": {"description": "hw: observable timing discrepancy in some Intel Processors", "id": "1962722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."], "name": "CVE-2020-24512", "public_date": "2021-06-08T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-24512\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24512"], "threat_severity": "Low"}