CVE-2020-8700
https://notcve.org/view.php?id=CVE-2020-8700
Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Una comprobación de entrada inapropiada en el firmware para algunos Intel® Processors puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios por medio de un acceso local • https://security.netapp.com/advisory/ntap-20210702-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html • CWE-20: Improper Input Validation •
CVE-2020-8670
https://notcve.org/view.php?id=CVE-2020-8670
Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Una condición de carrera en el firmware de algunos Intel® Processors puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://security.netapp.com/advisory/ntap-20210702-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-12357
https://notcve.org/view.php?id=CVE-2020-12357
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Una inicialización inapropiada en el firmware de algunos Intel® Processors puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://security.netapp.com/advisory/ntap-20210702-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html • CWE-665: Improper Initialization •
CVE-2020-24512 – hw: observable timing discrepancy in some Intel Processors
https://notcve.org/view.php?id=CVE-2020-24512
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una discrepancia de sincronización observable en algunos Intel® Processors puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://security.netapp.com/advisory/ntap-20210611-0005 https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html https://access.redhat.com/security/cve/CVE-2020-24512 https://bugzilla.redhat.com/show_bug.cgi?id=1962722 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2020-24511 – hw: improper isolation of shared resources in some Intel Processors
https://notcve.org/view.php?id=CVE-2020-24511
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Un aislamiento inapropiado de los recursos compartidos en algunos Intel® Processors puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access. • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://security.netapp.com/advisory/ntap-20210611-0005 https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html https://access.redhat.com/security/cve/CVE-2020-24511 https://bugzilla.redhat.com/show_bug.cgi?id=1962702 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •