CVE-2020-24511
hw: improper isolation of shared resources in some Intel Processors
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Un aislamiento inapropiado de los recursos compartidos en algunos Intel® Processors puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local
Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-08-19 CVE Reserved
- 2021-06-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf | Third Party Advisory |
|
| https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210611-0005 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2021/dsa-4934 | 2021-09-09 | |
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html | 2021-09-09 | |
| https://access.redhat.com/security/cve/CVE-2020-24511 | 2021-08-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1962702 | 2021-08-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Intel Search vendor "Intel" | Microcode Search vendor "Intel" for product "Microcode" | < 20210608 Search vendor "Intel" for product "Microcode" and version " < 20210608" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Fas\/aff Bios Search vendor "Netapp" for product "Fas\/aff Bios" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Compute Node Bios Search vendor "Netapp" for product "Hci Compute Node Bios" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Bios Search vendor "Netapp" for product "Solidfire Bios" | - | - |
Affected
| ||||||