CVE-2020-4788

Published: Nov 20, 2020Modified: Nov 21, 2024

4.7

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

Affected (14)

Products: Ibm: Aix, Vios · Fedoraproject: Fedora · Oracle: Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function, Communications Cloud Native Core Policy

2 products

1 product

3 products

Communications Cloud Native Core Binding Support Function

Communications Cloud Native Core Network Exposure Function

Communications Cloud Native Core Policy

Configuration A

9 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Aix	Version 7.1.0
Ibm Aix	Version 7.1.5
Ibm Aix	Version 7.2.0
Ibm Aix	Version 7.2.3
Ibm Aix	Version 7.2.4
Ibm Aix	Version 7.2.5
Ibm Vios	Version 3.1.0
Ibm Vios	Version 3.1.1
Ibm Vios	Version 3.1.2

Running on/with	Platform Versions
Ibm Power9	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32
Fedoraproject Fedora	Version 33

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Binding Support Function	Version 22.1.3
Oracle Communications Cloud Native Core Network Exposure Function	Version 22.1.1
Oracle Communications Cloud Native Core Policy	Version 22.2.0

References (14)

http://www.openwall.com/lists/oss-security/2020/11/20/3

Source: psirt@us.ibm.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2020/11/23/1

Source: psirt@us.ibm.com

Mailing ListThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/189296

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/

Source: psirt@us.ibm.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/

Source: psirt@us.ibm.com

https://www.ibm.com/support/pages/node/6370729

Source: psirt@us.ibm.com

PatchVendor Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: psirt@us.ibm.com

PatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2020/11/20/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2020/11/23/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/189296

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.ibm.com/support/pages/node/6370729

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.