CVE-2020-4788

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

References

http://www.openwall.com/lists/oss-security/2020/11/20/3

http://www.openwall.com/lists/oss-security/2020/11/23/1

https://exchange.xforce.ibmcloud.com/vulnerabilities/189296

https://lists.fedoraproject.org/archives/list/[email protected]/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/

https://www.ibm.com/support/pages/node/6370729

Details

Source: MITRE

Published: 2020-11-20

Updated: 2020-12-03

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:o:ibm:aix:7.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.1.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.2.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.2.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.2.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:7.2.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:vios:3.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:vios:3.1.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:vios:3.1.2:*:*:*:*:*:*:*

OR

cpe:2.3:o:ibm:power9:-:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
150784Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9305)NessusOracle Linux Local Security Checks
medium
150782Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9308)NessusOracle Linux Local Security Checks
medium
150536SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1)NessusSuSE Local Security Checks
high
148041EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)NessusHuawei Local Security Checks
high
147588EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1386)NessusHuawei Local Security Checks
high
146511SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)NessusSuSE Local Security Checks
high
146474SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)NessusSuSE Local Security Checks
high
146470SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)NessusSuSE Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
145287openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)NessusSuSE Local Security Checks
medium
145120SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)NessusSuSE Local Security Checks
medium
145018SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)NessusSuSE Local Security Checks
medium
144914SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0098-1)NessusSuSE Local Security Checks
high
144752Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4681-1)NessusUbuntu Local Security Checks
high
144313openSUSE Security Update : the Linux Kernel (openSUSE-2020-2260)NessusSuSE Local Security Checks
medium
144259SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)NessusSuSE Local Security Checks
high
144168EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2514)NessusHuawei Local Security Checks
medium
144143SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3764-1)NessusSuSE Local Security Checks
high
144101SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3748-1)NessusSuSE Local Security Checks
medium
143542openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)NessusSuSE Local Security Checks
medium
143523openSUSE Security Update : the Linux Kernel (openSUSE-2020-2161)NessusSuSE Local Security Checks
medium
143445Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)NessusUbuntu Local Security Checks
high
143433Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4657-1)NessusUbuntu Local Security Checks
high
143431Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4658-1)NessusUbuntu Local Security Checks
high
143429Ubuntu 20.10 : Linux kernel vulnerabilities (USN-4659-1)NessusUbuntu Local Security Checks
high
143261Fedora 32 : kernel (2020-4700a73bd5)NessusFedora Local Security Checks
medium
143258Fedora 33 : kernel (2020-8c15928d23)NessusFedora Local Security Checks
medium
143147AIX 7.2 TL 4 : power9 (IJ28227)NessusAIX Local Security Checks
medium
143142AIX 7.1 TL 5 : power9 (IJ28229)NessusAIX Local Security Checks
medium
143136AIX 7.2 TL 5 : power9 (IJ28226)NessusAIX Local Security Checks
medium
143131AIX 7.2 TL 3 : power9 (IJ28228)NessusAIX Local Security Checks
medium