CVE-2020-24512

Summary

CVE	CVE-2020-24512
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-06-09 19:15:00 UTC
Updated	2021-09-09 12:56:00 UTC
Description	Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Risk And Classification

Problem Types: CWE-203

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Application	Intel	Microcode	All	All	All	All
Operating System	Intel	Microcode	All	All	All	All
Operating System	Netapp	Fas/aff Bios	-	All	All	All
Operating System	Netapp	Hci Compute Node Bios	-	All	All	All
Operating System	Netapp	Solidfire Bios	-	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf	CONFIRM	cert-portal.siemens.com
INTEL-SA-00464	MISC	www.intel.com
Intel SA-00464 Intel Processor Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
Debian -- Security Information -- DSA-4934-1 intel-microcode	DEBIAN	www.debian.org
[SECURITY] [DLA 2718-1] intel-microcode security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159257 Oracle Enterprise Linux Security Update for microcode_ctl (ELSA-2021-2305)
159284 Oracle Enterprise Linux Security Update for microcode_ctl (ELSA-2021-2308)
159327 Oracle Enterprise Linux Security Update for microcode_ctl (ELSA-2021-3027)
159328 Oracle Enterprise Linux Security Update for microcode_ctl (ELSA-2021-3028)
178683 Debian Security Update for intel-microcode (DSA 4934-1)
178725 Debian Security Update for intel-microcode (DLA 2718-1)
198411 Ubuntu Security Notification for Intel Microcode vulnerabilities (USN-4985-1)
239405 Red Hat Update for microcode_ctl (RHSA-2021:2308)
239406 Red Hat Update for microcode_ctl (RHSA-2021:2307)
239407 Red Hat Update for microcode_ctl (RHSA-2021:2306)
239408 Red Hat Update for microcode_ctl (RHSA-2021:2305)
239409 Red Hat Update for microcode_ctl (RHSA-2021:2304)
239444 Red Hat Update for microcode_ctl (RHSA-2021:2306)
239533 Red Hat Update for microcode_ctl (RHSA-2021:3029)
239534 Red Hat Update for microcode_ctl (RHSA-2021:3028)
239535 Red Hat Update for microcode_ctl (RHSA-2021:3027)
239569 Red Hat Update for microcode_ctl (RHSA-2021:3176)
239598 Red Hat Update for microcode_ctl (RHSA-2021:3364)
257102 CentOS Security Update for microcode_ctl (CESA-2021:3028)
376933 Alibaba Cloud Linux Security Update for microcode_ctl (ALINUX3-SA-2021:0040)
377088 Alibaba Cloud Linux Security Update for microcode_ctl (ALINUX2-SA-2021:0047)
377112 Alibaba Cloud Linux Security Update for microcode_ctl (ALINUX3-SA-2021:0057)
377204 Alibaba Cloud Linux Security Update for microcode_ctl (ALINUX2-SA-2021:0038)
590761 Siemens Industrial Products Intel CPUs (Update B) Multiple Vulnerabilities (ICSA-21-222-05)
750142 SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2021:1929-1)
750145 SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2021:1932-1)
750146 SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2021:1931-1)
750147 SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2021:1930-1)
750150 SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2021:1933-1)
750645 OpenSUSE Security Update for ucode-intel (openSUSE-SU-2021:0876-1)
750817 OpenSUSE Security Update for ucode-intel (openSUSE-SU-2021:1933-1)
940294 AlmaLinux Security Update for microcode_ctl (ALSA-2021:2308)
940391 AlmaLinux Security Update for microcode_ctl (ALSA-2021:3027)
960001 Rocky Linux Security Update for microcode_ctl (RLSA-2021:2308)
960737 Rocky Linux Security Update for microcode_ctl (RLSA-2021:3027)