CVE-2020-0543 – hw: Special Register Buffer Data Sampling (SRBDS)
https://notcve.org/view.php?id=CVE-2020-0543
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •
CVE-2019-0152
https://notcve.org/view.php?id=CVE-2019-0152
Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Una protección insuficiente de la memoria en el modo System Management (SMM) e Intel® TXT para ciertos procesadores Intel® Xeon®, puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios por medio de un acceso local. • https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf https://support.f5.com/csp/article/K34425791?utm_source=f5support&%3Butm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03971en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-11137
https://notcve.org/view.php?id=CVE-2019-11137
Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Una comprobación de entrada insuficiente en el firmware del sistema para Intel® Xeon® Scalable Processors, Intel® Xeon® Processors D Family, Intel® Xeon® Processors E5 v4 Family, Intel® Xeon® Processors E7 v4 Family y Intel® Atom® processor C Series, puede habilitar a un usuario privilegiado para permitir una escalada de privilegios, una denegación de servicio y/o una divulgación de información por medio de un acceso local. • https://support.f5.com/csp/article/K56215245?utm_source=f5support&%3Butm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03967en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html • CWE-20: Improper Input Validation •
CVE-2019-11136
https://notcve.org/view.php?id=CVE-2019-11136
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Un control de acceso insuficiente en el firmware del sistema para Intel® Xeon® Scalable Processors, 2nd Generation Intel® Xeon® Scalable Processors y Intel® Xeon® Processors D Family, puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios, una denegación de servicio y/o una divulgación de información por medio de un acceso local. • https://support.f5.com/csp/article/K56215245?utm_source=f5support&%3Butm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03967en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html •