Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-8696

Опубликовано: 10 нояб. 2020
Источник: redhat
CVSS3: 2.8
EPSS Низкий

Описание

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5microcode_ctlOut of support scope
Red Hat Enterprise Linux 6microcode_ctlFixedRHSA-2020:508411.11.2020
Red Hat Enterprise Linux 6.5 Advanced Update Supportmicrocode_ctlFixedRHSA-2020:518923.11.2020
Red Hat Enterprise Linux 6.6 Advanced Update Supportmicrocode_ctlFixedRHSA-2020:518423.11.2020
Red Hat Enterprise Linux 7microcode_ctlFixedRHBA-2021:062322.02.2021
Red Hat Enterprise Linux 7microcode_ctlFixedRHSA-2020:508311.11.2020
Red Hat Enterprise Linux 7microcode_ctlFixedRHSA-2021:302809.08.2021
Red Hat Enterprise Linux 7.2 Advanced Update Supportmicrocode_ctlFixedRHBA-2021:062722.02.2021
Red Hat Enterprise Linux 7.2 Advanced Update Supportmicrocode_ctlFixedRHSA-2020:518823.11.2020
Red Hat Enterprise Linux 7.2 Advanced Update Supportmicrocode_ctlFixedRHSA-2021:332331.08.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-212
https://bugzilla.redhat.com/show_bug.cgi?id=1890355hw: Vector Register Leakage-Active

EPSS

Процентиль: 31%
0.00116
Низкий

2.8 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-8696

CVSS3: 5.5
ubuntu
больше 4 лет назад

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

nvd логотип

CVE-2020-8696

CVSS3: 5.5
nvd
больше 4 лет назад

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

debian логотип

CVE-2020-8696

CVSS3: 5.5
debian
больше 4 лет назад

Improper removal of sensitive information before storage or transfer i ...

github логотип

GHSA-qrq2-q88f-xpv2

github
около 3 лет назад

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

fstec логотип

BDU:2020-05478

fstec
почти 5 лет назад

Уязвимость процессоров Intel, связанная с недостатками разграничения доступа, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 31%
0.00116
Низкий

2.8 Low

CVSS3