CVSS: 5.5EPSS: 0%CPEs: 983EXPL: 0CVE-2022-26373 – hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions
https://notcve.org/view.php?id=CVE-2022-26373
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Una compartición no transparente de objetivos de predicción de retorno entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente la divulgación de información por medio de acceso local. A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction. • https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security.netapp.com/advisory/ntap-20221007-0005 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html https://access.redhat.com/security/cve/CVE-2022-26373 https://bugzilla.redhat.com/show_bug.cgi?id=2115065 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 502EXPL: 0CVE-2020-8696 – hw: Vector Register Leakage-Active
https://notcve.org/view.php?id=CVE-2020-8696
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una eliminación inapropiada de información confidencial antes del almacenamiento o transferencia en algunos Intel® Processors, puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un acceso local A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state. • https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43 https://security.netapp.com/advisory/ntap-20201113-0006 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381 https://access.redhat.com/security/cve/CVE-2020-8696 https://bugzilla.redhat.com/show_bug.cgi?id=1890355 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.6EPSS: 0%CPEs: 1321EXPL: 0CVE-2020-0551
https://notcve.org/view.php?id=CVE-2020-0551
Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html Una inyección de valor de carga en algunos Procesadores Intel® que utilizan una ejecución especulativa puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un canal lateral con acceso local. La lista de productos afectados es proporcionada en intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html • https://security.netapp.com/advisory/ntap-20200320-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html •
CVSS: 5.3EPSS: 0%CPEs: 892EXPL: 0CVE-2019-14607
https://notcve.org/view.php?id=CVE-2019-14607
Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access. La verificación de condiciones inadecuadas en múltiples procesadores Intel® puede permitir a un usuario autenticado habilitar potencialmente la escalada parcial de privilegios, la denegación de servicio y / o la divulgación de información a través del acceso local. • https://security.netapp.com/advisory/ntap-20191217-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html https://www.synology.com/security/advisory/Synology_SA_19_42 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.2EPSS: 0%CPEs: 260EXPL: 0CVE-2019-0152
https://notcve.org/view.php?id=CVE-2019-0152
Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Una protección insuficiente de la memoria en el modo System Management (SMM) e Intel® TXT para ciertos procesadores Intel® Xeon®, puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios por medio de un acceso local. • https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf https://support.f5.com/csp/article/K34425791?utm_source=f5support&%3Butm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03971en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •