CVE-2020-0548Improper Resource Shutdown or Release in Intel-microcode

CWE-404Improper Resource Shutdown or ReleaseCWE-200Sensitive Information ExposureCWE-203Observable Discrepancy11 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.4%
top 38.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Intel-microcodeIntel Processors
Timeline
PublishedJan 28
Latest updateMay 24

Description

Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5intel/intel_processorssee references
debiandebian/intel-microcode< intel-microcode 3.20200609.1 (bookworm)

🔴Vulnerability Details

4
GHSA
GHSA-jrm4-9v64-6qxc: Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access2022-05-24
OSV
intel-microcode regression2020-06-10
OSV
intel-microcode vulnerabilities2020-06-09
OSV
CVE-2020-0548: Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access2020-01-28

📋Vendor Advisories

4
Ubuntu
Intel Microcode regression2020-06-10
Ubuntu
Intel Microcode vulnerabilities2020-06-09
Red Hat
hw: Vector Register Data Sampling2020-01-27
Debian
CVE-2020-0548: intel-microcode - Cleanup errors in some Intel(R) Processors may allow an authenticated user to po...2020

💬Community

2
Bugzilla
CVE-2020-0548 microcode_ctl: hw: Vector Register Data Sampling [fedora-all]2020-01-27
Bugzilla
CVE-2020-0548 hw: Vector Register Data Sampling2020-01-08