SB2021062701 - Debian update for intel-microcode 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021062701

SB2021062701 - Debian update for intel-microcode

Published: June 27, 2021

Security Bulletin ID SB2021062701
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Incomplete cleanup (CVE-ID: CVE-2020-24489)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incomplete cleanup, which leads to security restrictions bypass and privilege escalation.


2) Information disclosure (CVE-ID: CVE-2020-24511)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to improper isolation of shared resources. A local user can gain unauthorized access to sensitive information on the system.


3) Observable discrepancy (CVE-ID: CVE-2020-24512)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to observable timing discrepancy. A local user can gain unauthorized access to sensitive information on the system.


4) Information disclosure (CVE-ID: CVE-2020-24513)

The vulnerability allows a local user o gain access to potentially sensitive information.

The vulnerability exists due to domain-bypass transient execution issue. A local user can gain unauthorized access to sensitive information on the system.


Remediation

Install update from vendor's website.

References