CVE-2021-0089

Published: Jun 9, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Affected (8)

Products: Debian: Debian Linux · Fedoraproject: Fedora · Intel: Pentium Processors Firmware, Celeron Processors Firmware, Xeon Processors Firmware, Core Processors Firmware, Itanium Processors Firmware

1 product

1 product

5 products

Pentium Processors Firmware

Celeron Processors Firmware

Xeon Processors Firmware

Core Processors Firmware

Itanium Processors Firmware

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Pentium Processors Firmware	All versions

Running on/with	Platform Versions
Intel Pentium Processors	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Celeron Processors Firmware	All versions

Running on/with	Platform Versions
Intel Celeron Processors	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Xeon Processors Firmware	All versions

Running on/with	Platform Versions
Intel Xeon Processors	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Core Processors Firmware	All versions

Running on/with	Platform Versions
Intel Core Processors	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Itanium Processors Firmware	All versions

Running on/with	Platform Versions
Intel Itanium Processors	All versions

Related CWEs

CWE-203

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (16)

http://www.openwall.com/lists/oss-security/2021/06/10/1

Source: secure@intel.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/06/10/10

Source: secure@intel.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/06/10/11

Source: secure@intel.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/

Source: secure@intel.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/

Source: secure@intel.com

https://security.gentoo.org/glsa/202107-30

Source: secure@intel.com

Third Party Advisory

https://www.debian.org/security/2021/dsa-4931

Source: secure@intel.com

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html

Source: secure@intel.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2021/06/10/1