CVE-2021-0146
https://notcve.org/view.php?id=CVE-2021-0146
Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. El hardware permite la activación de la lógica de prueba o depuración en tiempo de ejecución para algunos procesadores Intel®, lo que puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios por medio del acceso físico • https://security.netapp.com/advisory/ntap-20211210-0006 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html •
CVE-2020-24489 – hw: vt-d related privilege escalation
https://notcve.org/view.php?id=CVE-2020-24489
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. Una limpieza incompleta en algunos productos Intel® VT-d puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de un acceso local A flaw was found in Intel® VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html https://access.redhat.com/security/cve/CVE-2020-24489 https://bugzilla.redhat.com/show_bug.cgi?id=1962650 • CWE-459: Incomplete Cleanup •
CVE-2020-24513 – hw: information disclosure on some Intel Atom processors
https://notcve.org/view.php?id=CVE-2020-24513
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una vulnerabilidad en la ejecución transitoria de omisión de dominios en algunos procesadores Intel Atom® puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local A potential domain bypass transient execution vulnerability was discovered on some Intel Atom® processors that uses a microarchitectural incidental channel. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access. • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html https://access.redhat.com/security/cve/CVE-2020-24513 https://bugzilla.redhat.com/show_bug.cgi?id=1962666 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-0599
https://notcve.org/view.php?id=CVE-2020-0599
Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. El control de acceso inapropiado en el PMC para algunos procesadores Intel®, puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00360 •
CVE-2020-0559
https://notcve.org/view.php?id=CVE-2020-0559
Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Unos permisos heredados no seguros en algunos productos Intel® PROSet/Wireless WiFi en Windows* versiones 7 y 8.1 anteriores a versión 21.40.5.1, pueden permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00355.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00360.html • CWE-732: Incorrect Permission Assignment for Critical Resource •