CVE-2020-8703
https://notcve.org/view.php?id=CVE-2020-8703
Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access. Unas restricciones de búfer inapropiadas en un subsistema en Intel® CSME versiones anteriores a 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 y 15.0.22 pueden permitir a un usuario privilegiado habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://security.netapp.com/advisory/ntap-20210611-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-24516
https://notcve.org/view.php?id=CVE-2020-24516
Modification of assumed-immutable data in subsystem in Intel(R) CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Una modificación de datos supuestamente inmutables en el subsistema en las versiones anteriores a 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 de Intel® CSME puede permitir a un usuario no autenticado permitir potencialmente una escalada de privilegios por medio de un acceso físico • https://security.netapp.com/advisory/ntap-20210625-0008 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html •
CVE-2020-24507
https://notcve.org/view.php?id=CVE-2020-24507
Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access. Una inicialización inapropiada en un subsistema en Intel® CSME versiones anteriores a 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 y 15.0.22 puede habilitar a un usuario privilegiado para permitir potencialmente una divulgación de información por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://security.netapp.com/advisory/ntap-20210611-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html • CWE-665: Improper Initialization •
CVE-2020-24489 – hw: vt-d related privilege escalation
https://notcve.org/view.php?id=CVE-2020-24489
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. Una limpieza incompleta en algunos productos Intel® VT-d puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de un acceso local A flaw was found in Intel® VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html https://access.redhat.com/security/cve/CVE-2020-24489 https://bugzilla.redhat.com/show_bug.cgi?id=1962650 • CWE-459: Incomplete Cleanup •
CVE-2020-24513 – hw: information disclosure on some Intel Atom processors
https://notcve.org/view.php?id=CVE-2020-24513
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una vulnerabilidad en la ejecución transitoria de omisión de dominios en algunos procesadores Intel Atom® puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local A potential domain bypass transient execution vulnerability was discovered on some Intel Atom® processors that uses a microarchitectural incidental channel. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access. • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html https://access.redhat.com/security/cve/CVE-2020-24513 https://bugzilla.redhat.com/show_bug.cgi?id=1962666 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •