CVE-2023-23908
https://notcve.org/view.php?id=CVE-2023-23908
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J https://security.netapp.com/advisory/ntap-20230824-0003 https://www.debian.org/security/2023/dsa-5474 • CWE-284: Improper Access Control •
CVE-2022-40982 – hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
https://notcve.org/view.php?id=CVE-2022-40982
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. La exposición de información a través del estado microarquitectónico tras la ejecución transitoria en determinadas unidades de ejecución vectorial de algunos procesadores Intel(R) puede permitir a un usuario autenticado la divulgación potencial de información a través del acceso local. A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html https://access.redhat.com/solutions/7027704 https://aws.amazon.com/security/security-bulletins/AWS-2023-007 https://downfall.page https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR https://lists.fedoraproject.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy CWE-1342: Information Exposure through Microarchitectural State after Transient Execution •
CVE-2020-24512 – hw: observable timing discrepancy in some Intel Processors
https://notcve.org/view.php?id=CVE-2020-24512
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una discrepancia de sincronización observable en algunos Intel® Processors puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://security.netapp.com/advisory/ntap-20210611-0005 https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html https://access.redhat.com/security/cve/CVE-2020-24512 https://bugzilla.redhat.com/show_bug.cgi?id=1962722 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2020-24511 – hw: improper isolation of shared resources in some Intel Processors
https://notcve.org/view.php?id=CVE-2020-24511
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Un aislamiento inapropiado de los recursos compartidos en algunos Intel® Processors puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access. • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://security.netapp.com/advisory/ntap-20210611-0005 https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html https://access.redhat.com/security/cve/CVE-2020-24511 https://bugzilla.redhat.com/show_bug.cgi?id=1962702 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •