CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 1CVE-2021-26314 – AMD Speculative execution with Floating-Point Value Injection
https://notcve.org/view.php?id=CVE-2021-26314
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. Una inyección de valor de punto flotante potencial en todos los productos de CPU compatibles, junto con las vulnerabilidades de software relacionadas con la ejecución especulativa con resultados de punto flotante incorrectos, puede causar el uso de datos incorrectos de FPVI y puede resultar en una filtración de datos • http://www.openwall.com/lists/oss-security/2021/06/09/2 http://www.openwall.com/lists/oss-security/2021/06/10/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-26313 – AMD Speculative Code Store Bypass
https://notcve.org/view.php?id=CVE-2021-26313
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. Una potencial omisión de almacenamiento de código especulativo en todos los productos de CPU compatibles, junto con las vulnerabilidades de software relacionadas con la ejecución especulativa de instrucciones sobrescritas, puede causar una especulación inapropiada y podría resultar en una filtración de datos • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 6.7EPSS: 0%CPEs: 483EXPL: 0CVE-2020-0593
https://notcve.org/view.php?id=CVE-2020-0593
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Unas restricciones de búfer inapropiadas en el firmware del BIOS para algunos Intel® Processors, pueden habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios por medio de un acceso local • https://security.netapp.com/advisory/ntap-20201113-0001 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358 •
CVSS: 5.5EPSS: 0%CPEs: 736EXPL: 0CVE-2020-8695 – hw: Information disclosure issue in Intel SGX via RAPL interface
https://notcve.org/view.php?id=CVE-2020-8695
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Una discrepancia observable en la interfaz RAPL para algunos Intel® Processors, puede habilitar a un usuario privilegiado para permitir potencialmente una divulgación de información por medio de un acceso local A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem. • https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ24MFBVH3HJW3PNRQBRY4YXKC7GA57W https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEM2FZWVE4FNGYNQU3WCBAWT • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 502EXPL: 0CVE-2020-8696 – hw: Vector Register Leakage-Active
https://notcve.org/view.php?id=CVE-2020-8696
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una eliminación inapropiada de información confidencial antes del almacenamiento o transferencia en algunos Intel® Processors, puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un acceso local A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state. • https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43 https://security.netapp.com/advisory/ntap-20201113-0006 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381 https://access.redhat.com/security/cve/CVE-2020-8696 https://bugzilla.redhat.com/show_bug.cgi?id=1890355 https://access.redhat.com/articles/5569051 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •