CVE-2020-4788: Sensitive Information Exposure in IBM VIOS

Severity: 4.7 MEDIUM (NVD)
EPSS: 0.2% (top 58.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 20; Latest update May 24

Description

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.0 | Impact: 3.6

Affected Packages (8 packages)

[CVEListV5] ibm/vios: 3.1
[NVD] ibm/vios: 3.1.0, 3.1.1, 3.1.2 (+2)
[Debian] linux/linux_kernel: < 5.9.11-1 (+3)
[CVEListV5] ibm/aix: 7.1, 7.2 (+1)
[NVD] ibm/aix: 6 versions (+5)

Also affects: Fedora 32, 33

Patches

🔴 Vulnerability Details (7)

2022-05-24 [GHSA] GHSA-fv43-627p-jvmr: IBM Power9 (AIX 7
2020-11-23 [Kernel] Merge tag 'powerpc-cve-2020-4788' into fixes
2020-11-20 [CVEList] CVE-2020-4788: IBM Power9 (AIX 7
2020-11-20 [OSV] CVE-2020-4788: IBM Power9 (AIX 7
2020-11-19 [Kernel] Merge tag 'powerpc-cve-2020-4788' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

📋 Vendor Advisories (7)

2021-01-06 [Ubuntu] Linux kernel vulnerabilities
2020-12-03 [Ubuntu] Linux kernel vulnerabilities
2020-12-03 [Ubuntu] Linux kernel vulnerabilities
2020-12-02 [Ubuntu] Linux kernel vulnerabilities
2020-12-02 [Ubuntu] Linux kernel vulnerabilities

💬 Community (1)

2020-10-14 [Bugzilla] CVE-2020-4788 kernel: speculation on incompletely validated data on IBM Power9