CVE-2020-8696Improper Removal of Sensitive Information Before Storage or Transfer in Intel-microcode

CWE-212Improper Removal of Sensitive Information Before Storage or Transfer13 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 52.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Intel-microcodeDebian LinuxFedoraproject Fedora
Timeline
PublishedNov 12
Latest updateMay 24

Description

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

debiandebian/intel-microcode< intel-microcode 3.20201110.1 (bookworm)

Also affects: Debian Linux 9.0, Fedora 31

🔴Vulnerability Details

5
GHSA
GHSA-qrq2-q88f-xpv2: Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable2022-05-24
OSV
intel-microcode vulnerabilities2021-05-17
OSV
CVE-2020-8696: Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable2020-11-12
OSV
intel-microcode regression2020-11-12
OSV
intel-microcode vulnerabilities2020-11-11

📋Vendor Advisories

5
Ubuntu
Intel Microcode vulnerabilities2021-05-17
Ubuntu
Intel Microcode regression2020-11-12
Ubuntu
Intel Microcode vulnerabilities2020-11-11
Red Hat
hw: Vector Register Leakage-Active2020-11-10
Debian
CVE-2020-8696: intel-microcode - Improper removal of sensitive information before storage or transfer in some Int...2020

💬Community

2
Bugzilla
CVE-2020-8696 hw: Vector Register Leakage-Active2020-10-22
Bugzilla
CVE-2019-8696 cups: stack-buffer-overflow in libcups's asn1_get_packed function2019-08-07