Bug 1962666 (CVE-2020-24513)

Summary: CVE-2020-24513 hw: information disclosure on some Intel Atom processors
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: esyr, security-response-team, skozina
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A potential domain bypass transient execution vulnerability was discovered on some Intel AtomĀ® processors that uses a microarchitectural incidental channel. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-09 03:04:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1962668, 1962669, 1962670, 1962672, 1962673, 1962674, 1962675, 1962676, 1962677, 1962678, 1962679, 1962680    
Bug Blocks: 1962646    

Description Petr Matousek 2021-05-20 13:25:56 UTC
A potential domain bypass transient execution vulnerability was discovered on some Intel AtomĀ® processors that uses a microarchitectural incidental channel. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.

Comment 2 errata-xmlrpc 2021-06-09 00:27:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2021:2299 https://access.redhat.com/errata/RHSA-2021:2299

Comment 3 errata-xmlrpc 2021-06-09 00:38:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2021:2302 https://access.redhat.com/errata/RHSA-2021:2302

Comment 4 errata-xmlrpc 2021-06-09 01:04:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2021:2300 https://access.redhat.com/errata/RHSA-2021:2300

Comment 5 errata-xmlrpc 2021-06-09 01:09:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:2306 https://access.redhat.com/errata/RHSA-2021:2306

Comment 6 errata-xmlrpc 2021-06-09 01:41:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2307 https://access.redhat.com/errata/RHSA-2021:2307

Comment 7 errata-xmlrpc 2021-06-09 01:56:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2308 https://access.redhat.com/errata/RHSA-2021:2308

Comment 8 errata-xmlrpc 2021-06-09 02:02:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:2301 https://access.redhat.com/errata/RHSA-2021:2301

Comment 9 errata-xmlrpc 2021-06-09 02:13:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:2303 https://access.redhat.com/errata/RHSA-2021:2303

Comment 10 errata-xmlrpc 2021-06-09 02:14:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:2304 https://access.redhat.com/errata/RHSA-2021:2304

Comment 11 errata-xmlrpc 2021-06-09 02:15:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2305 https://access.redhat.com/errata/RHSA-2021:2305

Comment 12 Product Security DevOps Team 2021-06-09 03:04:11 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-24513