Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-4788

Опубликовано: 20 нояб. 2020
Источник: redhat
CVSS3: 5.1
EPSS Низкий

Описание

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

A flaw was found in the Linux kernel. IBM Power9 processors can speculatively operate on data stored in the L1 cache before it has been completely validated. The attack has limited access to memory and is only able to access memory normally permissible to the execution context. The highest threat from this vulnerability is to data confidentiality.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected
Red Hat Enterprise Linux 8kernelFixedRHSA-2022:198810.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1888433kernel: speculation on incompletely validated data on IBM Power9

EPSS

Процентиль: 42%
0.00198
Низкий

5.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-4788

CVSS3: 4.7
ubuntu
почти 5 лет назад

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

nvd логотип

CVE-2020-4788

CVSS3: 4.7
nvd
почти 5 лет назад

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

debian логотип

CVE-2020-4788

CVSS3: 4.7
debian
почти 5 лет назад

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...

github логотип

GHSA-fv43-627p-jvmr

CVSS3: 4.7
github
больше 3 лет назад

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

fstec логотип

BDU:2021-03412

CVSS3: 4.7
fstec
почти 5 лет назад

Уязвимость ядра операционной системы Linux, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 42%
0.00198
Низкий

5.1 Medium

CVSS3