Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:12A130F5867F69C520CCB42A0E666BA6
HistoryJun 11, 2021 - 12:00 a.m.

USN-4985-1: Intel Microcode vulnerabilities | Cloud Foundry

2021-06-1100:00:00
Cloud Foundry
www.cloudfoundry.org
26

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04
  • Canonical Ubuntu 16.04
  • Canonical Ubuntu 18.04

Description

It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O (VT-d). This may allow a local user to perform a privilege escalation attack. (CVE-2021-24489)

Joseph Nuzman discovered that some Intel processors may not properly apply EIBRS mitigations (originally developed for CVE-2017-5715) and hence may allow unauthorized memory reads via sidechannel attacks. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2020-24511)

Travis Downs discovered that some Intel processors did not properly flush cache-lines for trivial-data values. This may allow an unauthorized user to infer the presence of these trivial-data-cache-lines via timing sidechannel attacks. A local attacker could use this to expose sensitive information. (CVE-2020-24512)

It was discovered that certain Intel Atom processors could expose memory contents stored in microarchitectural buffers. A local attacker could use this to expose sensitive information. (CVE-2020-24513)

CVEs contained in this USN include: CVE-2020-24512, CVE-2021-24489, CVE-2020-24513, CVE-2020-24511.

Affected Cloud Foundry Products and Versions

Severity is high unless otherwise noted.

  • Bionic Stemcells
    • 1.x versions prior to 1.10
    • All other stemcells not listed.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • Bionic Stemcells
    • Upgrade 1.x versions to 1.10 or greater
    • All other stemcells should be upgraded to the latest version available on bosh.io.

References

History

2021-06-11: Initial vulnerability report published.

CPENameOperatorVersion
bionic stemcellslt1.10

Related

archlinux 1
openvas 25
ubuntu 1
osv 7
nessus 83
redhat 23
almalinux 1
oraclelinux 5
cloudlinux 1
suse 9
rocky 1
debian 3
intel 2
f5 1
redhatcve 3
mageia 2
veracode 4
wpexploit 1
cve 4
debiancve 4
ubuntucve 4
alpinelinux 2
prion 4
ibm 3
wpvulndb 1
centos 1
amazon 2
ics 1
archlinux
archlinux
[ASA-202106-34] intel-ucode: multiple issues
2021-06-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4985-1)
2021-06-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1930-1)
2021-06-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1932-1)
2021-06-11 00:00:00
ubuntu
ubuntu
Intel Microcode vulnerabilities
2021-06-09 00:00:00
osv
osv
intel-microcode vulnerabilities
2021-06-09 05:22:21
intel-microcode - security update
2021-06-26 00:00:00
intel-microcode - security update
2021-07-23 00:00:00
nessus
nessus
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2021:1929-1)
2021-06-12 00:00:00
Debian DLA-2718-1 : intel-microcode - LTS security update
2021-07-26 00:00:00
openSUSE 15 Security Update : ucode-intel (openSUSE-SU-2021:1933-1)
2021-07-16 00:00:00
redhat
redhat
(RHSA-2021:2305) Important: microcode_ctl security, bug fix and enhancement update
2021-06-08 23:41:38
(RHSA-2021:2301) Important: microcode_ctl security, bug fix and enhancement update
2021-06-08 23:38:39
(RHSA-2021:2308) Important: microcode_ctl security, bug fix and enhancement update
2021-06-08 23:43:58
almalinux
almalinux
Important: microcode_ctl security, bug fix and enhancement update
2021-06-08 23:43:58
oraclelinux
oraclelinux
microcode_ctl security, bug fix and enhancement update
2021-07-01 00:00:00
microcode_ctl security, bug fix and enhancement update
2021-06-11 00:00:00
microcode_ctl security update
2018-01-04 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2020-24513, CVE-2020-24489, CVE-2020-24512, CVE-2020-24511
2021-09-21 22:12:17
suse
suse
Security update for ucode-intel (important)
2021-06-16 00:00:00
Security update for ucode-intel (important)
2021-07-10 00:00:00
Security update for kernel-firmware (important)
2018-01-05 18:09:20
rocky
rocky
microcode_ctl security, bug fix and enhancement update
2021-06-08 23:43:58
debian
debian
[SECURITY] [DLA 2718-1] intel-microcode security update
2021-07-26 08:05:58
[SECURITY] [DSA 4934-1] intel-microcode security update
2021-06-26 17:58:49
[SECURITY] [DLA 2148-1] amd64-microcode security update
2020-03-20 19:56:36
intel
intel
Intel® Processor Advisory
2021-06-08 00:00:00
2021.1 IPU - Intel Atom® Processor Advisory
2021-06-08 00:00:00
f5
f5
K32562936 : Intel CPU vulnerabilities CVE-2020-24511 and CVE-2020-24512
2021-07-01 00:00:00
redhatcve
redhatcve
CVE-2020-24511
2021-06-08 19:43:52
CVE-2020-24513
2021-06-08 20:13:52
CVE-2020-24512
2021-06-08 20:13:52
mageia
mageia
Updated microcode packages fix security vulnerabilities
2021-06-14 00:32:39
Updated microcode packages fix security vulnerabilities
2018-01-13 17:28:36
veracode
veracode
Information Disclosure
2021-06-11 10:31:15
Information Disclosure
2021-06-11 10:31:09
Privilege Escalation
2021-06-12 18:22:18
wpexploit
wpexploit
Request a Quote < 2.3.5 - Admin+ Stored Cross-Site Scripting
2021-09-21 00:00:00
cve
cve
CVE-2021-24489
2021-10-25 14:15:00
CVE-2020-24513
2021-06-09 19:15:00
CVE-2020-24511
2021-06-09 19:15:00
debiancve
debiancve
CVE-2020-24513
2021-06-09 19:15:00
CVE-2020-24511
2021-06-09 19:15:00
CVE-2020-24512
2021-06-09 19:15:00
ubuntucve
ubuntucve
CVE-2020-24513
2021-06-08 00:00:00
CVE-2020-24511
2021-06-08 00:00:00
CVE-2021-24489
2021-06-15 00:00:00
alpinelinux
alpinelinux
CVE-2020-24513
2021-06-09 19:15:00
CVE-2020-24511
2021-06-09 19:15:00
prion
prion
Design/Logic Flaw
2021-06-09 19:15:00
Design/Logic Flaw
2021-06-09 19:15:00
Cross site scripting
2021-10-25 14:15:00
ibm
ibm
Security Bulletin: Kernel as used by IBM QRadar Network Packet Capture contains multiple vulnerabilities
2021-10-14 20:23:25
Security Bulletin: Linux Kernel as used by IBM QRadar SIEM contains multiple vulnerabilities
2021-12-03 18:41:49
Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to the vulnerability known as Spectre (CVE-2017-5715)
2023-04-18 18:22:18
wpvulndb
wpvulndb
Request a Quote < 2.3.5 - Admin+ Stored Cross-Site Scripting
2021-09-21 00:00:00
centos
centos
microcode_ctl security update
2018-01-04 19:41:20
amazon
amazon
Important: microcode_ctl
2018-02-07 18:54:00
Important: qemu-kvm
2018-01-12 21:24:00
ics
ics
Siemens Industrial Products Intel CPUs (Update G)
2022-12-15 12:00:00

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.975 High

EPSS

Percentile

100.0%

JSON
Related for CFOUNDRY:12A130F5867F69C520CCB42A0E666BA6
archlinux1openvas25ubuntu1osv7nessus83redhat23almalinux1oraclelinux5cloudlinux1suse9rocky1debian3intel2f51redhatcve3mageia2veracode4wpexploit1cve4debiancve4ubuntucve4alpinelinux2prion4ibm3wpvulndb1centos1amazon2ics1