6.5
CVE-2021-0089
- EPSS 0.37%
- Veröffentlicht 09.06.2021 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:41:49
- Quelle secure@intel.com
- CVE-Watchlists
- Unerledigt
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
Fedoraproject ≫ Fedora Version33
Fedoraproject ≫ Fedora Version34
Intel ≫ Pentium Processors Firmware Version-
Intel ≫ Celeron Processors Firmware Version-
Intel ≫ Xeon Processors Firmware Version-
Intel ≫ Core Processors Firmware Version-
Intel ≫ Itanium Processors Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.288 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2 | 4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-203 Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
https://security.gentoo.org/glsa/202107-30
http://www.openwall.com/lists/oss-security/2021/06/10/1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html
http://www.openwall.com/lists/oss-security/2021/06/10/10
http://www.openwall.com/lists/oss-security/2021/06/10/11
https://www.debian.org/security/2021/dsa-4931