CVE-2020-4788
kernel: speculation on incompletely validated data on IBM Power9
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
Los procesadores IBM Power9 (AIX versiones 7.1, 7.2 y VIOS versión 3.1), podrían permitir a un usuario local obtener información confidencial de los datos en la caché L1 en circunstancias atenuantes. IBM X-Force ID: 189296
A flaw was found in the Linux kernel. IBM Power9 processors can speculatively operate on data stored in the L1 cache before it has been completely validated. The attack has limited access to memory and is only able to access memory normally permissible to the execution context. The highest threat from this vulnerability is to data confidentiality.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-30 CVE Reserved
- 2020-11-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2020/11/23/1 | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2020/11/20/3 | 2023-11-07 | |
https://www.ibm.com/support/pages/node/6370729 | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpujul2022.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Vios Search vendor "Ibm" for product "Vios" | 3.1.0 Search vendor "Ibm" for product "Vios" and version "3.1.0" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power9 Search vendor "Ibm" for product "Power9" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Vios Search vendor "Ibm" for product "Vios" | 3.1.1 Search vendor "Ibm" for product "Vios" and version "3.1.1" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power9 Search vendor "Ibm" for product "Power9" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Vios Search vendor "Ibm" for product "Vios" | 3.1.2 Search vendor "Ibm" for product "Vios" and version "3.1.2" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power9 Search vendor "Ibm" for product "Power9" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | 7.1.0 Search vendor "Ibm" for product "Aix" and version "7.1.0" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power9 Search vendor "Ibm" for product "Power9" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | 7.1.5 Search vendor "Ibm" for product "Aix" and version "7.1.5" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power9 Search vendor "Ibm" for product "Power9" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | 7.2.0 Search vendor "Ibm" for product "Aix" and version "7.2.0" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power9 Search vendor "Ibm" for product "Power9" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | 7.2.3 Search vendor "Ibm" for product "Aix" and version "7.2.3" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power9 Search vendor "Ibm" for product "Power9" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | 7.2.4 Search vendor "Ibm" for product "Aix" and version "7.2.4" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power9 Search vendor "Ibm" for product "Power9" | - | - |
Safe
|
Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | 7.2.5 Search vendor "Ibm" for product "Aix" and version "7.2.5" | - |
Affected
| in | Ibm Search vendor "Ibm" | Power9 Search vendor "Ibm" for product "Power9" | - | - |
Safe
|
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Binding Support Function Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" | 22.1.3 Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "22.1.3" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Exposure Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function" | 22.1.1 Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function" and version "22.1.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy" | 22.2.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "22.2.0" | - |
Affected
|