CVE-2020-8696

LOW

Description

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

References

https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/

https://security.netapp.com/advisory/ntap-20201113-0006/

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381

Details

Source: MITRE

Published: 2020-11-12

Updated: 2021-02-11

Type: CWE-212

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM