CVE-2020-8698
Published: 10 November 2020
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
From the Ubuntu Security Team
Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
intel-microcode Launchpad, Ubuntu, Debian |
bionic |
Released
(3.20201110.0ubuntu0.18.04.1)
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Released
(3.20201110.0ubuntu0.20.04.1)
|
|
| groovy |
Released
(3.20201110.0ubuntu0.20.10.1)
|
|
| trusty |
Released
(3.20201110.0ubuntu0.14.04.1)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(3.20201110.0ubuntu0.16.04.1)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |