Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2020-05479

Опубликовано: 12 нояб. 2020
Источник: fstec
CVSS2: 2.1
EPSS Низкий

Описание

Уязвимость процессоров Intel связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю раскрыть защищаемую информацию

Вендор

Red Hat Inc.
Сообщество свободного программного обеспечения
ООО «РусБИТех-Астра»
Novell Inc.
Intel Corp.

Наименование ПО

Red Hat Enterprise Linux
Debian GNU/Linux
Astra Linux Special Edition
SUSE Linux Enterprise Server for SAP Applications
SUSE OpenStack Cloud
Astra Linux Common Edition
SUSE Linux Enterprise Module for Basesystem
SUSE Enterprise Storage
Suse Linux Enterprise Server
SUSE Linux Enterprise Point of Sale
SUSE OpenStack Cloud Crowbar
HPE Helion Openstack
SUSE Linux Enterprise High Performance Computing
11th Generation Intel Core

Версия ПО

6 (Red Hat Enterprise Linux)
7 (Red Hat Enterprise Linux)
6.5 Advanced Update Support (Red Hat Enterprise Linux)
6.6 Advanced Update Support (Red Hat Enterprise Linux)
5 (Red Hat Enterprise Linux)
9 (Debian GNU/Linux)
1.6 «Смоленск» (Astra Linux Special Edition)
12 SP2 (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP3 (SUSE Linux Enterprise Server for SAP Applications)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
7 (SUSE OpenStack Cloud)
8.0 (Debian GNU/Linux)
2.12 «Орёл» (Astra Linux Common Edition)
8 (Red Hat Enterprise Linux)
15 SP1 (SUSE Linux Enterprise Module for Basesystem)
5 (SUSE Enterprise Storage)
12 SP2-BCL (Suse Linux Enterprise Server)
12 SP2-ESPOS (Suse Linux Enterprise Server)
11 SP3 (SUSE Linux Enterprise Point of Sale)
11 SP4 (SUSE Linux Enterprise Server for SAP Applications)
15 (SUSE Linux Enterprise Server for SAP Applications)
11 SP4-LTSS (Suse Linux Enterprise Server)
12 SP2-LTSS (Suse Linux Enterprise Server)
12 SP3-LTSS (Suse Linux Enterprise Server)
8 (SUSE OpenStack Cloud)
12 SP3-BCL (Suse Linux Enterprise Server)
12 SP5 (Suse Linux Enterprise Server)
12 SP3-BCL (SUSE Linux Enterprise Server for SAP Applications)
12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
8 (SUSE OpenStack Cloud Crowbar)
10 (Debian GNU/Linux)
12 SP2-CLIEN (SUSE Linux Enterprise Point of Sale)
7.6 Extended Update Support (Red Hat Enterprise Linux)
8 (HPE Helion Openstack)
12 SP3-ESPOS (Suse Linux Enterprise Server)
12 SP3-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
7.2 Advanced Update Support (Red Hat Enterprise Linux)
9 (SUSE OpenStack Cloud)
9 (SUSE OpenStack Cloud Crowbar)
15-ESPOS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (Suse Linux Enterprise Server)
7.4 US for SAP Solutions (Red Hat Enterprise Linux)
7.3 Advanced Update Support (Red Hat Enterprise Linux)
7.3 Telco Extended Update Support (Red Hat Enterprise Linux)
7.3 Update Services for SAP Solutions (Red Hat Enterprise Linux)
7.4 Telco Extended Update Support (Red Hat Enterprise Linux)
8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux)
7.4 Advanced Update Support (Red Hat Enterprise Linux)
15 SP2 (SUSE Linux Enterprise Module for Basesystem)
12 SP4 LTSS (Suse Linux Enterprise Server)
12 SP4-ESPOS (Suse Linux Enterprise Server)
12 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP4-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
7.7 Extended Update Support (Red Hat Enterprise Linux)
- (11th Generation Intel Core)
8.2 Extended Update Support (Red Hat Enterprise Linux)
1.7 (Astra Linux Special Edition)

Тип ПО

Операционная система
Прикладное ПО информационных систем
Микропрограммный код

Операционные системы и аппаратные платформы

Red Hat Inc. Red Hat Enterprise Linux 6
Red Hat Inc. Red Hat Enterprise Linux 7
Red Hat Inc. Red Hat Enterprise Linux 6.5 Advanced Update Support
Red Hat Inc. Red Hat Enterprise Linux 6.6 Advanced Update Support
Red Hat Inc. Red Hat Enterprise Linux 5
Red Hat Inc. Red Hat Enterprise Linux 6
Red Hat Inc. Red Hat Enterprise Linux 7
Сообщество свободного программного обеспечения Debian GNU/Linux 9
ООО «РусБИТех-Астра» Astra Linux Special Edition 1.6 «Смоленск»
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Сообщество свободного программного обеспечения Debian GNU/Linux 8.0
ООО «РусБИТех-Астра» Astra Linux Common Edition 2.12 «Орёл»
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15
Novell Inc. Suse Linux Enterprise Server 11 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Сообщество свободного программного обеспечения Debian GNU/Linux 10
Red Hat Inc. Red Hat Enterprise Linux 7.6 Extended Update Support
Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-ESPOS
Red Hat Inc. Red Hat Enterprise Linux 7.2 Advanced Update Support
Red Hat Inc. Red Hat Enterprise Linux 6.5 Advanced Update Support
Red Hat Inc. Red Hat Enterprise Linux 6.6 Advanced Update Support
Novell Inc. Suse Linux Enterprise Server 15-LTSS
Red Hat Inc. Red Hat Enterprise Linux 7.4 US for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 7.3 Advanced Update Support
Red Hat Inc. Red Hat Enterprise Linux 7.3 Telco Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 7.4 Telco Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Red Hat Inc. Red Hat Enterprise Linux 7.4 Advanced Update Support
Red Hat Inc. Red Hat Enterprise Linux 6.5
Novell Inc. Suse Linux Enterprise Server 12 SP4 LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4-ESPOS
Red Hat Inc. Red Hat Enterprise Linux 7.7 Extended Update Support
Red Hat Inc. Red Hat Enterprise Linux 8.2 Extended Update Support
ООО «РусБИТех-Астра» Astra Linux Special Edition 1.7

Уровень опасности уязвимости

Низкий уровень опасности (базовая оценка CVSS 2.0 составляет 2,1)

Возможные меры по устранению уязвимости

Использование рекомендаций производителя:
Для программных продуктов Intel Corp.:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2020-8698/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2020-8698
Для Debian:
https://security-tracker.debian.org/tracker/CVE-2020-8698
Для Astra Linux:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 21%
0.00065
Низкий

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2020-8698

CVSS3: 5.5
ubuntu
больше 4 лет назад

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

redhat логотип

CVE-2020-8698

CVSS3: 5.5
redhat
больше 4 лет назад

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

nvd логотип

CVE-2020-8698

CVSS3: 5.5
nvd
больше 4 лет назад

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

debian логотип

CVE-2020-8698

CVSS3: 5.5
debian
больше 4 лет назад

Improper isolation of shared resources in some Intel(R) Processors may ...

github логотип

GHSA-9636-925v-53qr

CVSS3: 5.5
github
около 3 лет назад

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

EPSS

Процентиль: 21%
0.00065
Низкий

2.1 Low

CVSS2