CVE-2020-4788

LOW

Description

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

References

http://www.openwall.com/lists/oss-security/2020/11/20/3

http://www.openwall.com/lists/oss-security/2020/11/23/1

https://exchange.xforce.ibmcloud.com/vulnerabilities/189296

https://lists.fedoraproject.org/archives/list/[email protected]/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/

https://www.ibm.com/support/pages/node/6370729

Details

Source: MITRE

Published: 2020-11-20

Updated: 2020-12-03

Risk Information

CVSS v2.0

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3.0

Base Score: 4.7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:o:ibm:aix:7.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.1.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.2.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.2.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.2.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.2.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:vios:3.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:vios:3.1.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:vios:3.1.2:*:*:*:*:*:*:*

OR

cpe:2.3:o:ibm:power9:-:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
148041EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)NessusHuawei Local Security Checks
high
147588EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1386)NessusHuawei Local Security Checks
high
146511SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)NessusSuSE Local Security Checks
high
146474SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)NessusSuSE Local Security Checks
high
146470SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)NessusSuSE Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
145287openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)NessusSuSE Local Security Checks
high
145120SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)NessusSuSE Local Security Checks
high
145018SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)NessusSuSE Local Security Checks
high
144914SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0098-1)NessusSuSE Local Security Checks
high
144752Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4681-1)NessusUbuntu Local Security Checks
high
144313openSUSE Security Update : the Linux Kernel (openSUSE-2020-2260)NessusSuSE Local Security Checks
high
144259SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)NessusSuSE Local Security Checks
high
144168EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2514)NessusHuawei Local Security Checks
high
144143SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3764-1)NessusSuSE Local Security Checks
high
144101SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3748-1)NessusSuSE Local Security Checks
high
143542openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)NessusSuSE Local Security Checks
high
143523openSUSE Security Update : the Linux Kernel (openSUSE-2020-2161)NessusSuSE Local Security Checks
high
143445Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)NessusUbuntu Local Security Checks
high
143433Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4657-1)NessusUbuntu Local Security Checks
high
143431Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4658-1)NessusUbuntu Local Security Checks
high
143429Ubuntu 20.10 : Linux kernel vulnerabilities (USN-4659-1)NessusUbuntu Local Security Checks
high
143261Fedora 32 : kernel (2020-4700a73bd5)NessusFedora Local Security Checks
low
143258Fedora 33 : kernel (2020-8c15928d23)NessusFedora Local Security Checks
low
143147AIX 7.2 TL 4 : power9 (IJ28227)NessusAIX Local Security Checks
low
143142AIX 7.1 TL 5 : power9 (IJ28229)NessusAIX Local Security Checks
low
143136AIX 7.2 TL 5 : power9 (IJ28226)NessusAIX Local Security Checks
low
143131AIX 7.2 TL 3 : power9 (IJ28228)NessusAIX Local Security Checks
low