CVE-2020-8695 – hw: Information disclosure issue in Intel SGX via RAPL interface
https://notcve.org/view.php?id=CVE-2020-8695
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Una discrepancia observable en la interfaz RAPL para algunos Intel® Processors, puede habilitar a un usuario privilegiado para permitir potencialmente una divulgación de información por medio de un acceso local A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem. • https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ24MFBVH3HJW3PNRQBRY4YXKC7GA57W https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEM2FZWVE4FNGYNQU3WCBAWT • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2020-8694
https://notcve.org/view.php?id=CVE-2020-8694
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Un control de acceso insuficiente en el controlador del kernel de Linux para algunos Intel® Processors, puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389 •
CVE-2020-0543 – hw: Special Register Buffer Data Sampling (SRBDS)
https://notcve.org/view.php?id=CVE-2020-0543
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •
CVE-2019-14615 – kernel: Intel graphics card information leak.
https://notcve.org/view.php?id=CVE-2019-14615
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. El flujo de control insuficiente en determinadas estructuras de datos para algunos Procesadores de Intel(R) con Intel(R) Processor Graphics, puede permitir a un usuario no autenticado habilitar potencialmente una divulgación de información por medio de un acceso local. An information disclosure flaw was found in the Linux kernel. The i915 graphics driver lacks control of flow for data structures which may allow a local, authenticated user to disclose information when using ioctl commands with an attached i915 device. The highest threat from this vulnerability is to data confidentiality. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html http://seclists.org/fulldisclosure/2020/Mar/31 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://support.apple.com/kb/HT211100 https://usn.ubuntu.com/4253-1 https://usn.ubuntu.com/4253-2 https://us • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2019-11157
https://notcve.org/view.php?id=CVE-2019-11157
Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access. Una comprobación de condiciones inapropiadas en la configuración de voltaje para algunos procesadores Intel(R) pueden permitir que un usuario con privilegios pueda permitir la escalada de privilegios y/o la divulgación de información a través del acceso local. • https://security.netapp.com/advisory/ntap-20191217-0001 https://support.f5.com/csp/article/K10321239?utm_source=f5support&%3Butm_medium=RSS https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html •