CVE-2020-0548 – hw: Vector Register Data Sampling
https://notcve.org/view.php?id=CVE-2020-0548
Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Unos errores de limpieza en algunos procesadores Intel(R), pueden permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio del acceso local. A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y https://security.netapp.com/advisory/ntap-20200210-0004 https://usn.ubuntu.com/4385-1 https://www.debian.org/security/2020/dsa-47 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •
CVE-2019-14615 – kernel: Intel graphics card information leak.
https://notcve.org/view.php?id=CVE-2019-14615
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. El flujo de control insuficiente en determinadas estructuras de datos para algunos Procesadores de Intel(R) con Intel(R) Processor Graphics, puede permitir a un usuario no autenticado habilitar potencialmente una divulgación de información por medio de un acceso local. An information disclosure flaw was found in the Linux kernel. The i915 graphics driver lacks control of flow for data structures which may allow a local, authenticated user to disclose information when using ioctl commands with an attached i915 device. The highest threat from this vulnerability is to data confidentiality. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html http://seclists.org/fulldisclosure/2020/Mar/31 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://support.apple.com/kb/HT211100 https://usn.ubuntu.com/4253-1 https://usn.ubuntu.com/4253-2 https://us • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2019-11157
https://notcve.org/view.php?id=CVE-2019-11157
Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access. Una comprobación de condiciones inapropiadas en la configuración de voltaje para algunos procesadores Intel(R) pueden permitir que un usuario con privilegios pueda permitir la escalada de privilegios y/o la divulgación de información a través del acceso local. • https://security.netapp.com/advisory/ntap-20191217-0001 https://support.f5.com/csp/article/K10321239?utm_source=f5support&%3Butm_medium=RSS https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html •
CVE-2019-14607
https://notcve.org/view.php?id=CVE-2019-14607
Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access. La verificación de condiciones inadecuadas en múltiples procesadores Intel® puede permitir a un usuario autenticado habilitar potencialmente la escalada parcial de privilegios, la denegación de servicio y / o la divulgación de información a través del acceso local. • https://security.netapp.com/advisory/ntap-20191217-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html https://www.synology.com/security/advisory/Synology_SA_19_42 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2018-12207 – hw: Machine Check Error on Page Size Change (IFU)
https://notcve.org/view.php?id=CVE-2018-12207
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Una invalidación inapropiada de las actualizaciones de la tabla de páginas por parte de un sistema operativo invitado virtual para múltiples procesadores Intel® puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio del sistema host por medio de un acceso local. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html https://access.redhat.com/errata/RHSA-2019:3916 https://access.redhat.com/errata/RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3941 https://access.redhat.com/errata/RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0204 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW https:/ • CWE-20: Improper Input Validation CWE-226: Sensitive Information in Resource Not Removed Before Reuse •