{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5185",
        "url": "https://access.redhat.com/errata/RHSA-2020:5185"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5185.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:04+00:00",
      "generator": {
        "date": "2025-10-09T21:12:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5185",
      "initial_release_date": "2020-11-23T18:00:10+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T18:00:10+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T18:00:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                  "product_id": "BaseOS-8.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.2::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
                  "product_id": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20201112.1.el8_2?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
                  "product_id": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20201112.1.el8_2?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:00:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5185"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:00:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5185"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:00:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5185"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0\nUpdate Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5186",
        "url": "https://access.redhat.com/errata/RHSA-2020:5186"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5186.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:04+00:00",
      "generator": {
        "date": "2025-10-09T21:12:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5186",
      "initial_release_date": "2020-11-23T17:49:03+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T17:49:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T17:49:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
                  "product_id": "BaseOS-8.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:8.0::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
                  "product_id": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20180807a-2.20201112.1.el8_0?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
                "product": {
                  "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
                  "product_id": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20180807a-2.20201112.1.el8_0?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
          "product_id": "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src"
        },
        "product_reference": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
        "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
          "product_id": "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        },
        "product_reference": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
        "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:49:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5186"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:49:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5186"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:49:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5186"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3255",
        "url": "https://access.redhat.com/errata/RHSA-2021:3255"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972334",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972334"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3255.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:05:01+00:00",
      "generator": {
        "date": "2024-12-29T19:05:01+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2021:3255",
      "initial_release_date": "2021-08-24T10:01:08+00:00",
      "revision_history": [
        {
          "date": "2021-08-24T10:01:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-24T12:01:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:05:01+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                  "product_id": "7Server-7.4.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                  "product_id": "7Server-7.4.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                  "product_id": "7Server-7.4.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.4::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.41.el7_4.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.41.el7_4.src",
                  "product_id": "microcode_ctl-2:2.1-22.41.el7_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.41.el7_4?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
                  "product_id": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.41.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-22.41.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux\n7.6 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3317",
        "url": "https://access.redhat.com/errata/RHSA-2021:3317"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972333"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3317.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:05:09+00:00",
      "generator": {
        "date": "2024-12-29T19:05:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2021:3317",
      "initial_release_date": "2021-08-31T08:30:36+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T08:30:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T08:30:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:05:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.6)",
                  "product_id": "7Server-7.6.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.6)",
                  "product_id": "7Server-7.6.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.6)",
                  "product_id": "7Server-7.6.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.6::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.23.el7_6.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.23.el7_6.src",
                  "product_id": "microcode_ctl-2:2.1-47.23.el7_6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.23.el7_6?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
                  "product_id": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.23.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-47.23.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
          "product_id": "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
          "product_id": "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
          "product_id": "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
          "product_id": "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
          "product_id": "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
          "product_id": "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
          "product_id": "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
          "product_id": "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
          "product_id": "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5185",
        "url": "https://access.redhat.com/errata/RHSA-2020:5185"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5185.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:05:16+00:00",
      "generator": {
        "date": "2024-12-29T19:05:16+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5185",
      "initial_release_date": "2020-11-23T18:00:10+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T18:00:10+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T18:00:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:05:16+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                  "product_id": "BaseOS-8.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.2::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
                  "product_id": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20201112.1.el8_2?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
                  "product_id": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20201112.1.el8_2?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:00:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5185"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:00:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5185"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:00:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5185"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3029",
        "url": "https://access.redhat.com/errata/RHSA-2021:3029"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972332",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972332"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3029.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:29+00:00",
      "generator": {
        "date": "2025-10-09T19:59:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3029",
      "initial_release_date": "2021-08-10T16:13:33+00:00",
      "revision_history": [
        {
          "date": "2021-08-10T16:13:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-10T16:13:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                  "product_id": "7ComputeNode-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                  "product_id": "7Server-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.18.el7_7.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.18.el7_7.src",
                  "product_id": "microcode_ctl-2:2.1-53.18.el7_7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.18.el7_7?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
                  "product_id": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.18.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-53.18.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.src",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.src",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.2 Extended User Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3364",
        "url": "https://access.redhat.com/errata/RHSA-2021:3364"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972326",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972326"
      },
      {
        "category": "external",
        "summary": "1972329",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972329"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3364.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:34+00:00",
      "generator": {
        "date": "2025-10-09T19:59:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3364",
      "initial_release_date": "2021-08-31T09:26:30+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T09:26:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T09:26:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                  "product_id": "BaseOS-8.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.2::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
                  "product_id": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20210608.1.el8_2?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
                  "product_id": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20210608.1.el8_2?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3027",
        "url": "https://access.redhat.com/errata/RHSA-2021:3027"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972325",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972325"
      },
      {
        "category": "external",
        "summary": "1972328",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972328"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3027.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:29+00:00",
      "generator": {
        "date": "2025-10-09T19:59:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3027",
      "initial_release_date": "2021-08-09T09:56:52+00:00",
      "revision_history": [
        {
          "date": "2021-08-09T09:56:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-09T09:56:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                  "product_id": "BaseOS-8.4.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
                "product": {
                  "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
                  "product_id": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20210216-1.20210608.1.el8_4?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
                  "product_id": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20210216-1.20210608.1.el8_4?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src"
        },
        "product_reference": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        },
        "product_reference": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5185",
        "url": "https://access.redhat.com/errata/RHSA-2020:5185"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5185.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:04+00:00",
      "generator": {
        "date": "2025-10-09T21:12:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5185",
      "initial_release_date": "2020-11-23T18:00:10+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T18:00:10+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T18:00:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                  "product_id": "BaseOS-8.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.2::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
                  "product_id": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20201112.1.el8_2?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
                  "product_id": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20201112.1.el8_2?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:00:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5185"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:00:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5185"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:00:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5185"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20201112.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5083",
        "url": "https://access.redhat.com/errata/RHSA-2020:5083"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5083.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:03+00:00",
      "generator": {
        "date": "2025-10-09T21:12:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5083",
      "initial_release_date": "2020-11-11T10:19:00+00:00",
      "revision_history": [
        {
          "date": "2020-11-11T10:19:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-11T10:19:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.2.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-73.2.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.2.el7_9.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.2.el7_9.src",
                  "product_id": "microcode_ctl-2:2.1-73.2.el7_9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.2.el7_9?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.src",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.src",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.src",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T10:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5083"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T10:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5083"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T10:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5083"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3255",
        "url": "https://access.redhat.com/errata/RHSA-2021:3255"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972334",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972334"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3255.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:30+00:00",
      "generator": {
        "date": "2025-10-09T19:59:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3255",
      "initial_release_date": "2021-08-24T10:01:08+00:00",
      "revision_history": [
        {
          "date": "2021-08-24T10:01:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-24T12:01:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                  "product_id": "7Server-7.4.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                  "product_id": "7Server-7.4.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                  "product_id": "7Server-7.4.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.4::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.41.el7_4.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.41.el7_4.src",
                  "product_id": "microcode_ctl-2:2.1-22.41.el7_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.41.el7_4?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
                  "product_id": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.41.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-22.41.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.4 Advances Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5182",
        "url": "https://access.redhat.com/errata/RHSA-2020:5182"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5182.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:37+00:00",
      "generator": {
        "date": "2024-12-29T19:04:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5182",
      "initial_release_date": "2020-11-23T17:48:53+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T17:48:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T17:48:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                  "product_id": "7Server-7.4.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                  "product_id": "7Server-7.4.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                  "product_id": "7Server-7.4.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.4::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
                  "product_id": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.36.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-22.36.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.36.el7_4.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.36.el7_4.src",
                  "product_id": "microcode_ctl-2:2.1-22.36.el7_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.36.el7_4?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:48:53+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5182"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:48:53+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5182"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:48:53+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5182"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red at Enterprise Linux 7.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5190",
        "url": "https://access.redhat.com/errata/RHSA-2020:5190"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5190.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:04+00:00",
      "generator": {
        "date": "2025-10-09T21:12:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5190",
      "initial_release_date": "2020-11-23T19:27:14+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T19:27:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T19:27:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                  "product_id": "7ComputeNode-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                  "product_id": "7Server-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
                  "product_id": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.13.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-53.13.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.13.el7_7.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.13.el7_7.src",
                  "product_id": "microcode_ctl-2:2.1-53.13.el7_7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.13.el7_7?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.src",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.src",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T19:27:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5190"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T19:27:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5190"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T19:27:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5190"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5188",
        "url": "https://access.redhat.com/errata/RHSA-2020:5188"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5188.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:04+00:00",
      "generator": {
        "date": "2025-10-09T21:12:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5188",
      "initial_release_date": "2020-11-23T18:58:41+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T18:58:41+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T18:58:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                  "product_id": "7Server-7.2.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.2::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
                  "product_id": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.34.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-12.34.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.34.el7_2.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.34.el7_2.src",
                  "product_id": "microcode_ctl-2:2.1-12.34.el7_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.34.el7_2?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.34.el7_2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src"
        },
        "product_reference": "microcode_ctl-2:2.1-12.34.el7_2.src",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.34.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:58:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5188"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:58:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5188"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:58:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5188"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3028",
        "url": "https://access.redhat.com/errata/RHSA-2021:3028"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1897684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897684"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3028.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:40+00:00",
      "generator": {
        "date": "2024-12-29T19:04:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2021:3028",
      "initial_release_date": "2021-08-09T10:18:52+00:00",
      "revision_history": [
        {
          "date": "2021-08-09T10:18:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-09T10:18:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.11.el7_9.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.11.el7_9.src",
                  "product_id": "microcode_ctl-2:2.1-73.11.el7_9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.11.el7_9?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.11.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-73.11.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.src",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.src",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.src",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5183",
        "url": "https://access.redhat.com/errata/RHSA-2020:5183"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5183.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:03+00:00",
      "generator": {
        "date": "2025-10-09T21:12:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5183",
      "initial_release_date": "2020-11-23T17:47:49+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T17:47:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T17:47:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                  "product_id": "7Server-7.3.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
                  "product_id": "7Server-7.3.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.3::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
                  "product_id": "7Server-7.3.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.3::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
                  "product_id": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.37.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-16.37.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.37.el7_3.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.37.el7_3.src",
                  "product_id": "microcode_ctl-2:2.1-16.37.el7_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.37.el7_3?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
          "product_id": "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
          "product_id": "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
          "product_id": "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
          "product_id": "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
          "product_id": "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
          "product_id": "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:47:49+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5183"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:47:49+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5183"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:47:49+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5183"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5181",
        "url": "https://access.redhat.com/errata/RHSA-2020:5181"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5181.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:02+00:00",
      "generator": {
        "date": "2025-10-09T21:12:02+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5181",
      "initial_release_date": "2020-11-23T18:01:27+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T18:01:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T18:01:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:02+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
                  "product_id": "7ComputeNode-7.6.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.6::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 7.6)",
                  "product_id": "7Server-7.6.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.6::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
                  "product_id": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.18.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-47.18.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.18.el7_6.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.18.el7_6.src",
                  "product_id": "microcode_ctl-2:2.1-47.18.el7_6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.18.el7_6?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
          "product_id": "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.src",
        "relates_to_product_reference": "7ComputeNode-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
          "product_id": "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
          "product_id": "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)",
          "product_id": "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)",
          "product_id": "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)",
          "product_id": "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:01:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5181"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:01:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5181"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:01:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5181"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.2 Extended User Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3364",
        "url": "https://access.redhat.com/errata/RHSA-2021:3364"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972326",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972326"
      },
      {
        "category": "external",
        "summary": "1972329",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972329"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3364.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:34+00:00",
      "generator": {
        "date": "2025-10-09T19:59:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3364",
      "initial_release_date": "2021-08-31T09:26:30+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T09:26:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T09:26:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                  "product_id": "BaseOS-8.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.2::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
                  "product_id": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20210608.1.el8_2?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
                  "product_id": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20210608.1.el8_2?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red at Enterprise Linux 7.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5190",
        "url": "https://access.redhat.com/errata/RHSA-2020:5190"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5190.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:19+00:00",
      "generator": {
        "date": "2024-12-29T19:04:19+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5190",
      "initial_release_date": "2020-11-23T19:27:14+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T19:27:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T19:27:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:19+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                  "product_id": "7ComputeNode-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                  "product_id": "7Server-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
                  "product_id": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.13.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-53.13.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.13.el7_7.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.13.el7_7.src",
                  "product_id": "microcode_ctl-2:2.1-53.13.el7_7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.13.el7_7?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.src",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.src",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T19:27:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5190"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T19:27:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5190"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T19:27:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5190"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3255",
        "url": "https://access.redhat.com/errata/RHSA-2021:3255"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972334",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972334"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3255.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:30+00:00",
      "generator": {
        "date": "2025-10-09T19:59:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3255",
      "initial_release_date": "2021-08-24T10:01:08+00:00",
      "revision_history": [
        {
          "date": "2021-08-24T10:01:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-24T12:01:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                  "product_id": "7Server-7.4.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                  "product_id": "7Server-7.4.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                  "product_id": "7Server-7.4.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.4::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.41.el7_4.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.41.el7_4.src",
                  "product_id": "microcode_ctl-2:2.1-22.41.el7_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.41.el7_4?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
                  "product_id": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.41.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-22.41.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-24T10:01:08+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3255"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.41.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.41.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.4 Advances Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5182",
        "url": "https://access.redhat.com/errata/RHSA-2020:5182"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5182.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:03+00:00",
      "generator": {
        "date": "2025-10-09T21:12:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5182",
      "initial_release_date": "2020-11-23T17:48:53+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T17:48:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T17:48:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                  "product_id": "7Server-7.4.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                  "product_id": "7Server-7.4.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                  "product_id": "7Server-7.4.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.4::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
                  "product_id": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.36.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-22.36.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.36.el7_4.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.36.el7_4.src",
                  "product_id": "microcode_ctl-2:2.1-22.36.el7_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.36.el7_4?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:48:53+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5182"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:48:53+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5182"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:48:53+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5182"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5085",
        "url": "https://access.redhat.com/errata/RHSA-2020:5085"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5085.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:01+00:00",
      "generator": {
        "date": "2025-10-09T21:12:01+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5085",
      "initial_release_date": "2020-11-11T09:48:17+00:00",
      "revision_history": [
        {
          "date": "2020-11-11T09:48:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-11T09:48:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:01+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                  "product_id": "BaseOS-8.3.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
                  "product_id": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20200609-2.20201027.1.el8_3?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
                "product": {
                  "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
                  "product_id": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20200609-2.20201027.1.el8_3?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src"
        },
        "product_reference": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
        "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        },
        "product_reference": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
        "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T09:48:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5085"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T09:48:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5085"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T09:48:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5085"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5188",
        "url": "https://access.redhat.com/errata/RHSA-2020:5188"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5188.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:04+00:00",
      "generator": {
        "date": "2025-10-09T21:12:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5188",
      "initial_release_date": "2020-11-23T18:58:41+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T18:58:41+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T18:58:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                  "product_id": "7Server-7.2.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.2::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
                  "product_id": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.34.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-12.34.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.34.el7_2.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.34.el7_2.src",
                  "product_id": "microcode_ctl-2:2.1-12.34.el7_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.34.el7_2?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.34.el7_2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src"
        },
        "product_reference": "microcode_ctl-2:2.1-12.34.el7_2.src",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.34.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:58:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5188"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:58:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5188"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:58:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5188"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat enterprise Linux 8.1\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5369",
        "url": "https://access.redhat.com/errata/RHSA-2020:5369"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5369.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:06+00:00",
      "generator": {
        "date": "2025-10-09T21:12:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5369",
      "initial_release_date": "2020-12-08T17:42:44+00:00",
      "revision_history": [
        {
          "date": "2020-12-08T17:42:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-12-08T17:42:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                  "product_id": "BaseOS-8.1.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.1::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
                  "product_id": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20201112.1.el8_1?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
                  "product_id": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20201112.1.el8_1?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-08T17:42:44+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5369"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-08T17:42:44+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5369"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-08T17:42:44+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5369"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3029",
        "url": "https://access.redhat.com/errata/RHSA-2021:3029"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972332",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972332"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3029.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:46+00:00",
      "generator": {
        "date": "2024-12-29T19:04:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2021:3029",
      "initial_release_date": "2021-08-10T16:13:33+00:00",
      "revision_history": [
        {
          "date": "2021-08-10T16:13:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-10T16:13:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                  "product_id": "7ComputeNode-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                  "product_id": "7Server-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.18.el7_7.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.18.el7_7.src",
                  "product_id": "microcode_ctl-2:2.1-53.18.el7_7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.18.el7_7?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
                  "product_id": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.18.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-53.18.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.src",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.src",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5085",
        "url": "https://access.redhat.com/errata/RHSA-2020:5085"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5085.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:01+00:00",
      "generator": {
        "date": "2025-10-09T21:12:01+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5085",
      "initial_release_date": "2020-11-11T09:48:17+00:00",
      "revision_history": [
        {
          "date": "2020-11-11T09:48:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-11T09:48:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:01+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                  "product_id": "BaseOS-8.3.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
                  "product_id": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20200609-2.20201027.1.el8_3?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
                "product": {
                  "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
                  "product_id": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20200609-2.20201027.1.el8_3?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src"
        },
        "product_reference": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
        "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        },
        "product_reference": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
        "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T09:48:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5085"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T09:48:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5085"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T09:48:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5085"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3322",
        "url": "https://access.redhat.com/errata/RHSA-2021:3322"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972335",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972335"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3322.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:05:22+00:00",
      "generator": {
        "date": "2024-12-29T19:05:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2021:3322",
      "initial_release_date": "2021-08-31T08:15:28+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T08:15:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T08:15:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:05:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                  "product_id": "7Server-7.3.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.42.el7_3.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.42.el7_3.src",
                  "product_id": "microcode_ctl-2:2.1-16.42.el7_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.42.el7_3?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
                  "product_id": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.42.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-16.42.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.42.el7_3.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.42.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.42.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3027",
        "url": "https://access.redhat.com/errata/RHSA-2021:3027"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972325",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972325"
      },
      {
        "category": "external",
        "summary": "1972328",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972328"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3027.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:33+00:00",
      "generator": {
        "date": "2024-12-29T19:04:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2021:3027",
      "initial_release_date": "2021-08-09T09:56:52+00:00",
      "revision_history": [
        {
          "date": "2021-08-09T09:56:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-09T09:56:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                  "product_id": "BaseOS-8.4.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
                "product": {
                  "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
                  "product_id": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20210216-1.20210608.1.el8_4?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
                  "product_id": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20210216-1.20210608.1.el8_4?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src"
        },
        "product_reference": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        },
        "product_reference": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5083",
        "url": "https://access.redhat.com/errata/RHSA-2020:5083"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5083.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:03:00+00:00",
      "generator": {
        "date": "2024-12-29T19:03:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5083",
      "initial_release_date": "2020-11-11T10:19:00+00:00",
      "revision_history": [
        {
          "date": "2020-11-11T10:19:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-11T10:19:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:03:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.2.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-73.2.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.2.el7_9.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.2.el7_9.src",
                  "product_id": "microcode_ctl-2:2.1-73.2.el7_9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.2.el7_9?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.src",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.src",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.src",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T10:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5083"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T10:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5083"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T10:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5083"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3029",
        "url": "https://access.redhat.com/errata/RHSA-2021:3029"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972332",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972332"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3029.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:29+00:00",
      "generator": {
        "date": "2025-10-09T19:59:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3029",
      "initial_release_date": "2021-08-10T16:13:33+00:00",
      "revision_history": [
        {
          "date": "2021-08-10T16:13:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-10T16:13:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                  "product_id": "7ComputeNode-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                  "product_id": "7Server-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.18.el7_7.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.18.el7_7.src",
                  "product_id": "microcode_ctl-2:2.1-53.18.el7_7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.18.el7_7?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
                  "product_id": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.18.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-53.18.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.src",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.src",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-10T16:13:33+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3029"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.18.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.18.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3028",
        "url": "https://access.redhat.com/errata/RHSA-2021:3028"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1897684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897684"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3028.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:33+00:00",
      "generator": {
        "date": "2025-10-09T19:59:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3028",
      "initial_release_date": "2021-08-09T10:18:52+00:00",
      "revision_history": [
        {
          "date": "2021-08-09T10:18:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-09T10:18:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.11.el7_9.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.11.el7_9.src",
                  "product_id": "microcode_ctl-2:2.1-73.11.el7_9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.11.el7_9?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.11.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-73.11.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.src",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.src",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.src",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fixes:\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\nBug Fix(es):\n\n* [rhel-8.1.0.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates (BZ#1972327)\n\n* [rhel-8.1.0.z] Re-enable 06-8c-01 (TGL-UP3/UP4, CPUID 0x806c1)  latest microcode updates (BZ#1972331)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3176",
        "url": "https://access.redhat.com/errata/RHSA-2021:3176"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972327",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972327"
      },
      {
        "category": "external",
        "summary": "1972331",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972331"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3176.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:30+00:00",
      "generator": {
        "date": "2025-10-09T19:59:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3176",
      "initial_release_date": "2021-08-17T08:33:36+00:00",
      "revision_history": [
        {
          "date": "2021-08-17T08:33:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-17T08:33:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                  "product_id": "BaseOS-8.1.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.1::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
                  "product_id": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20210608.1.el8_1?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
                  "product_id": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20210608.1.el8_1?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3323",
        "url": "https://access.redhat.com/errata/RHSA-2021:3323"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972336",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972336"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3323.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:05:16+00:00",
      "generator": {
        "date": "2024-12-29T19:05:16+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2021:3323",
      "initial_release_date": "2021-08-31T07:59:36+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T07:59:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T07:59:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:05:16+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                  "product_id": "7Server-7.2.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.2::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.39.el7_2.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.39.el7_2.src",
                  "product_id": "microcode_ctl-2:2.1-12.39.el7_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.39.el7_2?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
                  "product_id": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.39.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-12.39.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.39.el7_2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src"
        },
        "product_reference": "microcode_ctl-2:2.1-12.39.el7_2.src",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.39.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5083",
        "url": "https://access.redhat.com/errata/RHSA-2020:5083"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5083.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:03+00:00",
      "generator": {
        "date": "2025-10-09T21:12:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5083",
      "initial_release_date": "2020-11-11T10:19:00+00:00",
      "revision_history": [
        {
          "date": "2020-11-11T10:19:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-11T10:19:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.2.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-73.2.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.2.el7_9.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.2.el7_9.src",
                  "product_id": "microcode_ctl-2:2.1-73.2.el7_9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.2.el7_9?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.src",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.src",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.src",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T10:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5083"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T10:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5083"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T10:19:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5083"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.2.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.2.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3322",
        "url": "https://access.redhat.com/errata/RHSA-2021:3322"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972335",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972335"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3322.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:31+00:00",
      "generator": {
        "date": "2025-10-09T19:59:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3322",
      "initial_release_date": "2021-08-31T08:15:28+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T08:15:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T08:15:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                  "product_id": "7Server-7.3.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.42.el7_3.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.42.el7_3.src",
                  "product_id": "microcode_ctl-2:2.1-16.42.el7_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.42.el7_3?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
                  "product_id": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.42.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-16.42.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.42.el7_3.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.42.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.42.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat enterprise Linux 8.1\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5369",
        "url": "https://access.redhat.com/errata/RHSA-2020:5369"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5369.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:06+00:00",
      "generator": {
        "date": "2025-10-09T21:12:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5369",
      "initial_release_date": "2020-12-08T17:42:44+00:00",
      "revision_history": [
        {
          "date": "2020-12-08T17:42:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-12-08T17:42:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                  "product_id": "BaseOS-8.1.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.1::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
                  "product_id": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20201112.1.el8_1?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
                  "product_id": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20201112.1.el8_1?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-08T17:42:44+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5369"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-08T17:42:44+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5369"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-08T17:42:44+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5369"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux\n7.6 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3317",
        "url": "https://access.redhat.com/errata/RHSA-2021:3317"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972333"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3317.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:30+00:00",
      "generator": {
        "date": "2025-10-09T19:59:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3317",
      "initial_release_date": "2021-08-31T08:30:36+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T08:30:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T08:30:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.6)",
                  "product_id": "7Server-7.6.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.6)",
                  "product_id": "7Server-7.6.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.6)",
                  "product_id": "7Server-7.6.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.6::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.23.el7_6.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.23.el7_6.src",
                  "product_id": "microcode_ctl-2:2.1-47.23.el7_6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.23.el7_6?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
                  "product_id": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.23.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-47.23.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
          "product_id": "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
          "product_id": "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
          "product_id": "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
          "product_id": "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
          "product_id": "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
          "product_id": "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
          "product_id": "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
          "product_id": "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
          "product_id": "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5181",
        "url": "https://access.redhat.com/errata/RHSA-2020:5181"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5181.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:02+00:00",
      "generator": {
        "date": "2025-10-09T21:12:02+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5181",
      "initial_release_date": "2020-11-23T18:01:27+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T18:01:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T18:01:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:02+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
                  "product_id": "7ComputeNode-7.6.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.6::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 7.6)",
                  "product_id": "7Server-7.6.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.6::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
                  "product_id": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.18.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-47.18.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.18.el7_6.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.18.el7_6.src",
                  "product_id": "microcode_ctl-2:2.1-47.18.el7_6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.18.el7_6?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
          "product_id": "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.src",
        "relates_to_product_reference": "7ComputeNode-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
          "product_id": "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
          "product_id": "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)",
          "product_id": "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)",
          "product_id": "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)",
          "product_id": "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:01:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5181"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:01:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5181"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:01:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5181"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3323",
        "url": "https://access.redhat.com/errata/RHSA-2021:3323"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972336",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972336"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3323.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:31+00:00",
      "generator": {
        "date": "2025-10-09T19:59:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3323",
      "initial_release_date": "2021-08-31T07:59:36+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T07:59:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T07:59:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                  "product_id": "7Server-7.2.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.2::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.39.el7_2.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.39.el7_2.src",
                  "product_id": "microcode_ctl-2:2.1-12.39.el7_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.39.el7_2?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
                  "product_id": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.39.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-12.39.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.39.el7_2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src"
        },
        "product_reference": "microcode_ctl-2:2.1-12.39.el7_2.src",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.39.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3322",
        "url": "https://access.redhat.com/errata/RHSA-2021:3322"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972335",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972335"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3322.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:31+00:00",
      "generator": {
        "date": "2025-10-09T19:59:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3322",
      "initial_release_date": "2021-08-31T08:15:28+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T08:15:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T08:15:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                  "product_id": "7Server-7.3.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.42.el7_3.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.42.el7_3.src",
                  "product_id": "microcode_ctl-2:2.1-16.42.el7_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.42.el7_3?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
                  "product_id": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.42.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-16.42.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.42.el7_3.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.42.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.42.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.42.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:15:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.42.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.42.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.4 Advances Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5182",
        "url": "https://access.redhat.com/errata/RHSA-2020:5182"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5182.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:03+00:00",
      "generator": {
        "date": "2025-10-09T21:12:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5182",
      "initial_release_date": "2020-11-23T17:48:53+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T17:48:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T17:48:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
                  "product_id": "7Server-7.4.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
                  "product_id": "7Server-7.4.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.4::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
                  "product_id": "7Server-7.4.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.4::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
                  "product_id": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.36.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-22.36.el7_4?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-22.36.el7_4.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-22.36.el7_4.src",
                  "product_id": "microcode_ctl-2:2.1-22.36.el7_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-22.36.el7_4?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
          "product_id": "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
          "product_id": "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.src",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
          "product_id": "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
        "relates_to_product_reference": "7Server-7.4.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:48:53+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5182"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:48:53+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5182"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
          "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
          "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:48:53+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5182"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.AUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.AUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.E4S:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.E4S:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.src",
            "7Server-7.4.TUS:microcode_ctl-2:2.1-22.36.el7_4.x86_64",
            "7Server-7.4.TUS:microcode_ctl-debuginfo-2:2.1-22.36.el7_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5181",
        "url": "https://access.redhat.com/errata/RHSA-2020:5181"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5181.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:21+00:00",
      "generator": {
        "date": "2024-12-29T19:04:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5181",
      "initial_release_date": "2020-11-23T18:01:27+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T18:01:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T18:01:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
                  "product_id": "7ComputeNode-7.6.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.6::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 7.6)",
                  "product_id": "7Server-7.6.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.6::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
                  "product_id": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.18.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-47.18.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.18.el7_6.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.18.el7_6.src",
                  "product_id": "microcode_ctl-2:2.1-47.18.el7_6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.18.el7_6?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
          "product_id": "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.src",
        "relates_to_product_reference": "7ComputeNode-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
          "product_id": "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.6)",
          "product_id": "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)",
          "product_id": "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)",
          "product_id": "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.6)",
          "product_id": "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:01:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5181"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:01:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5181"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
          "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
          "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:01:27+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5181"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7ComputeNode-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7ComputeNode-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.src",
            "7Server-7.6.EUS:microcode_ctl-2:2.1-47.18.el7_6.x86_64",
            "7Server-7.6.EUS:microcode_ctl-debuginfo-2:2.1-47.18.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux\n7.6 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3317",
        "url": "https://access.redhat.com/errata/RHSA-2021:3317"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972333"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3317.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:30+00:00",
      "generator": {
        "date": "2025-10-09T19:59:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3317",
      "initial_release_date": "2021-08-31T08:30:36+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T08:30:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T08:30:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.6)",
                  "product_id": "7Server-7.6.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.6)",
                  "product_id": "7Server-7.6.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.6)",
                  "product_id": "7Server-7.6.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.6::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.23.el7_6.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.23.el7_6.src",
                  "product_id": "microcode_ctl-2:2.1-47.23.el7_6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.23.el7_6?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
                  "product_id": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-47.23.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-47.23.el7_6?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
          "product_id": "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
          "product_id": "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
          "product_id": "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
          "product_id": "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
          "product_id": "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
          "product_id": "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
          "product_id": "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.src",
        "relates_to_product_reference": "7Server-7.6.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
          "product_id": "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
          "product_id": "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
        "relates_to_product_reference": "7Server-7.6.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
          "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
          "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T08:30:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3317"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.AUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.AUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.E4S:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.E4S:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.src",
            "7Server-7.6.TUS:microcode_ctl-2:2.1-47.23.el7_6.x86_64",
            "7Server-7.6.TUS:microcode_ctl-debuginfo-2:2.1-47.23.el7_6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fixes:\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\nBug Fix(es):\n\n* [rhel-8.1.0.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates (BZ#1972327)\n\n* [rhel-8.1.0.z] Re-enable 06-8c-01 (TGL-UP3/UP4, CPUID 0x806c1)  latest microcode updates (BZ#1972331)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3176",
        "url": "https://access.redhat.com/errata/RHSA-2021:3176"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972327",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972327"
      },
      {
        "category": "external",
        "summary": "1972331",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972331"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3176.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:53+00:00",
      "generator": {
        "date": "2024-12-29T19:04:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2021:3176",
      "initial_release_date": "2021-08-17T08:33:36+00:00",
      "revision_history": [
        {
          "date": "2021-08-17T08:33:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-17T08:33:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                  "product_id": "BaseOS-8.1.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.1::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
                  "product_id": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20210608.1.el8_1?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
                  "product_id": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20210608.1.el8_1?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat enterprise Linux 8.1\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5369",
        "url": "https://access.redhat.com/errata/RHSA-2020:5369"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5369.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:26+00:00",
      "generator": {
        "date": "2024-12-29T19:04:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5369",
      "initial_release_date": "2020-12-08T17:42:44+00:00",
      "revision_history": [
        {
          "date": "2020-12-08T17:42:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-12-08T17:42:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                  "product_id": "BaseOS-8.1.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.1::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
                  "product_id": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20201112.1.el8_1?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
                  "product_id": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20201112.1.el8_1?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-08T17:42:44+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5369"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-08T17:42:44+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5369"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-08T17:42:44+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5369"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20201112.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0\nUpdate Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5186",
        "url": "https://access.redhat.com/errata/RHSA-2020:5186"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5186.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:05:09+00:00",
      "generator": {
        "date": "2024-12-29T19:05:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5186",
      "initial_release_date": "2020-11-23T17:49:03+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T17:49:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T17:49:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:05:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
                  "product_id": "BaseOS-8.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:8.0::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
                  "product_id": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20180807a-2.20201112.1.el8_0?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
                "product": {
                  "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
                  "product_id": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20180807a-2.20201112.1.el8_0?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
          "product_id": "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src"
        },
        "product_reference": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
        "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
          "product_id": "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        },
        "product_reference": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
        "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:49:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5186"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:49:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5186"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:49:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5186"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3027",
        "url": "https://access.redhat.com/errata/RHSA-2021:3027"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972325",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972325"
      },
      {
        "category": "external",
        "summary": "1972328",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972328"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3027.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:29+00:00",
      "generator": {
        "date": "2025-10-09T19:59:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3027",
      "initial_release_date": "2021-08-09T09:56:52+00:00",
      "revision_history": [
        {
          "date": "2021-08-09T09:56:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-09T09:56:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                  "product_id": "BaseOS-8.4.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
                "product": {
                  "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
                  "product_id": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20210216-1.20210608.1.el8_4?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
                  "product_id": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20210216-1.20210608.1.el8_4?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src"
        },
        "product_reference": "microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        },
        "product_reference": "microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
          "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T09:56:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3027"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.src",
            "BaseOS-8.4.0.Z.MAIN.EUS:microcode_ctl-4:20210216-1.20210608.1.el8_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red at Enterprise Linux 7.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5190",
        "url": "https://access.redhat.com/errata/RHSA-2020:5190"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5190.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:04+00:00",
      "generator": {
        "date": "2025-10-09T21:12:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5190",
      "initial_release_date": "2020-11-23T19:27:14+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T19:27:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T19:27:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
                  "product_id": "7ComputeNode-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server EUS (v. 7.7)",
                  "product_id": "7Server-7.7.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:7.7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
                  "product_id": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.13.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-53.13.el7_7?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-53.13.el7_7.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-53.13.el7_7.src",
                  "product_id": "microcode_ctl-2:2.1-53.13.el7_7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-53.13.el7_7?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.src",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode EUS (v. 7.7)",
          "product_id": "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.src",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.7)",
          "product_id": "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
        "relates_to_product_reference": "7Server-7.7.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T19:27:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5190"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T19:27:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5190"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
          "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
          "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T19:27:14+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5190"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7ComputeNode-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7ComputeNode-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.src",
            "7Server-7.7.EUS:microcode_ctl-2:2.1-53.13.el7_7.x86_64",
            "7Server-7.7.EUS:microcode_ctl-debuginfo-2:2.1-53.13.el7_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.2 Extended User Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3364",
        "url": "https://access.redhat.com/errata/RHSA-2021:3364"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972326",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972326"
      },
      {
        "category": "external",
        "summary": "1972329",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972329"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3364.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:05:34+00:00",
      "generator": {
        "date": "2024-12-29T19:05:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2021:3364",
      "initial_release_date": "2021-08-31T09:26:30+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T09:26:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T09:26:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:05:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
                  "product_id": "BaseOS-8.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.2::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
                  "product_id": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20210608.1.el8_2?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
                  "product_id": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20191115-4.20210608.1.el8_2?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        },
        "product_reference": "microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
          "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T09:26:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3364"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.src",
            "BaseOS-8.2.0.Z.EUS:microcode_ctl-4:20191115-4.20210608.1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3028",
        "url": "https://access.redhat.com/errata/RHSA-2021:3028"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1897684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897684"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3028.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:33+00:00",
      "generator": {
        "date": "2025-10-09T19:59:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3028",
      "initial_release_date": "2021-08-09T10:18:52+00:00",
      "revision_history": [
        {
          "date": "2021-08-09T10:18:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-09T10:18:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.9.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.11.el7_9.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.11.el7_9.src",
                  "product_id": "microcode_ctl-2:2.1-73.11.el7_9.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.11.el7_9?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
                  "product_id": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-73.11.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-73.11.el7_9?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.src",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Client-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.src",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Server-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.src",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
        "relates_to_product_reference": "7Workstation-7.9.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
          "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
          "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-09T10:18:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3028"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Client-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Client-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Server-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Server-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.src",
            "7Workstation-7.9.Z:microcode_ctl-2:2.1-73.11.el7_9.x86_64",
            "7Workstation-7.9.Z:microcode_ctl-debuginfo-2:2.1-73.11.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5183",
        "url": "https://access.redhat.com/errata/RHSA-2020:5183"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5183.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:03+00:00",
      "generator": {
        "date": "2025-10-09T21:12:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5183",
      "initial_release_date": "2020-11-23T17:47:49+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T17:47:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T17:47:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                  "product_id": "7Server-7.3.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
                  "product_id": "7Server-7.3.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.3::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
                  "product_id": "7Server-7.3.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.3::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
                  "product_id": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.37.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-16.37.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.37.el7_3.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.37.el7_3.src",
                  "product_id": "microcode_ctl-2:2.1-16.37.el7_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.37.el7_3?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
          "product_id": "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
          "product_id": "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
          "product_id": "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
          "product_id": "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
          "product_id": "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
          "product_id": "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:47:49+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5183"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:47:49+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5183"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:47:49+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5183"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5188",
        "url": "https://access.redhat.com/errata/RHSA-2020:5188"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5188.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:29+00:00",
      "generator": {
        "date": "2024-12-29T19:04:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5188",
      "initial_release_date": "2020-11-23T18:58:41+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T18:58:41+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T18:58:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                  "product_id": "7Server-7.2.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.2::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
                  "product_id": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.34.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-12.34.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.34.el7_2.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.34.el7_2.src",
                  "product_id": "microcode_ctl-2:2.1-12.34.el7_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.34.el7_2?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.34.el7_2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src"
        },
        "product_reference": "microcode_ctl-2:2.1-12.34.el7_2.src",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.34.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-12.34.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:58:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5188"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:58:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5188"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T18:58:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5188"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.34.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.34.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fixes:\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\nBug Fix(es):\n\n* [rhel-8.1.0.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates (BZ#1972327)\n\n* [rhel-8.1.0.z] Re-enable 06-8c-01 (TGL-UP3/UP4, CPUID 0x806c1)  latest microcode updates (BZ#1972331)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3176",
        "url": "https://access.redhat.com/errata/RHSA-2021:3176"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972327",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972327"
      },
      {
        "category": "external",
        "summary": "1972331",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972331"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3176.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:30+00:00",
      "generator": {
        "date": "2025-10-09T19:59:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3176",
      "initial_release_date": "2021-08-17T08:33:36+00:00",
      "revision_history": [
        {
          "date": "2021-08-17T08:33:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-17T08:33:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
                  "product_id": "BaseOS-8.1.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:8.1::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
                  "product_id": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20210608.1.el8_1?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
                  "product_id": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20190618-1.20210608.1.el8_1?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)",
          "product_id": "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        },
        "product_reference": "microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64",
        "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
          "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-17T08:33:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3176"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.src",
            "BaseOS-8.1.0.Z.EUS:microcode_ctl-4:20190618-1.20210608.1.el8_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0\nUpdate Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n* Add README file to the documentation directory.\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5186",
        "url": "https://access.redhat.com/errata/RHSA-2020:5186"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5186.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T21:12:04+00:00",
      "generator": {
        "date": "2025-10-09T21:12:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2020:5186",
      "initial_release_date": "2020-11-23T17:49:03+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T17:49:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T17:49:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T21:12:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
                  "product_id": "BaseOS-8.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:8.0::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
                  "product_id": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20180807a-2.20201112.1.el8_0?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
                "product": {
                  "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
                  "product_id": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20180807a-2.20201112.1.el8_0?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
          "product_id": "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src"
        },
        "product_reference": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
        "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v. 8.0)",
          "product_id": "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        },
        "product_reference": "microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64",
        "relates_to_product_reference": "BaseOS-8.0.0.Z.E4S"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:49:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5186"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:49:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5186"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
          "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:49:03+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5186"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.src",
            "BaseOS-8.0.0.Z.E4S:microcode_ctl-4:20180807a-2.20201112.1.el8_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201027 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file containing metadata information from\n  the microcode file headers.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5085",
        "url": "https://access.redhat.com/errata/RHSA-2020:5085"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5085.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:06+00:00",
      "generator": {
        "date": "2024-12-29T19:04:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5085",
      "initial_release_date": "2020-11-11T09:48:17+00:00",
      "revision_history": [
        {
          "date": "2020-11-11T09:48:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-11T09:48:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                  "product_id": "BaseOS-8.3.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
                "product": {
                  "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
                  "product_id": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20200609-2.20201027.1.el8_3?arch=x86_64\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
                "product": {
                  "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
                  "product_id": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@20200609-2.20201027.1.el8_3?arch=src\u0026epoch=4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src"
        },
        "product_reference": "microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
        "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        },
        "product_reference": "microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64",
        "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T09:48:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5085"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T09:48:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5085"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
          "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-11T09:48:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5085"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.src",
            "BaseOS-8.3.0.Z.MAIN:microcode_ctl-4:20200609-2.20201027.1.el8_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3323",
        "url": "https://access.redhat.com/errata/RHSA-2021:3323"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1788786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
      },
      {
        "category": "external",
        "summary": "1788788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
      },
      {
        "category": "external",
        "summary": "1827165",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "external",
        "summary": "1962650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
      },
      {
        "category": "external",
        "summary": "1962702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
      },
      {
        "category": "external",
        "summary": "1962722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
      },
      {
        "category": "external",
        "summary": "1972336",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972336"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3323.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-10-09T19:59:31+00:00",
      "generator": {
        "date": "2025-10-09T19:59:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2021:3323",
      "initial_release_date": "2021-08-31T07:59:36+00:00",
      "revision_history": [
        {
          "date": "2021-08-31T07:59:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-31T07:59:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T19:59:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)",
                  "product_id": "7Server-7.2.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.2::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.39.el7_2.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.39.el7_2.src",
                  "product_id": "microcode_ctl-2:2.1-12.39.el7_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.39.el7_2?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
                  "product_id": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-12.39.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-12.39.el7_2?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.39.el7_2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src"
        },
        "product_reference": "microcode_ctl-2:2.1-12.39.el7_2.src",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-12.39.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-12.39.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)",
          "product_id": "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64",
        "relates_to_product_reference": "7Server-7.2.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-0543",
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1827165"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Special Register Buffer Data Sampling (SRBDS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/5142691",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#1827165",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827165"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142691",
          "url": "https://access.redhat.com/solutions/5142691"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/5142751",
          "url": "https://access.redhat.com/solutions/5142751"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri",
          "url": "https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/#gs.6uyhri"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling",
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling"
        },
        {
          "category": "external",
          "summary": "https://xenbits.xen.org/xsa/advisory-320.html",
          "url": "https://xenbits.xen.org/xsa/advisory-320.html"
        }
      ],
      "release_date": "2020-06-09T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Special Register Buffer Data Sampling (SRBDS)"
    },
    {
      "cve": "CVE-2020-0548",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788786"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read by another process or a CPU sibling. The highest threat from this vulnerability is data confidentiality where an attacker could read arbitrary data as it passes through the processor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Data Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788786",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788786"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: Vector Register Data Sampling"
    },
    {
      "cve": "CVE-2020-0549",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1788788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the \u201cfill buffers\u201d and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: L1D Cache Eviction Sampling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1788788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-0549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0549"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling",
          "url": "https://access.redhat.com/solutions/l1d-cache-eviction-and-vector-register-sampling"
        },
        {
          "category": "external",
          "summary": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/",
          "url": "https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/"
        },
        {
          "category": "external",
          "summary": "https://cacheoutattack.com/CacheOut.pdf",
          "url": "https://cacheoutattack.com/CacheOut.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling",
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling"
        }
      ],
      "release_date": "2020-01-27T13:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: L1D Cache Eviction Sampling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24489",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Intel\u00ae VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: vt-d related privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24489"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: vt-d related privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24511",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Microcode misconfiguration in some Intel processors may cause EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: improper isolation of shared resources in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24511"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: improper isolation of shared resources in some Intel Processors"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-24512",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1962722"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: observable timing discrepancy in some Intel Processors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
          "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
          "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "RHBZ#1962722",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962722"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24512",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24512"
        }
      ],
      "release_date": "2021-06-08T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-31T07:59:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3323"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.src",
            "7Server-7.2.AUS:microcode_ctl-2:2.1-12.39.el7_2.x86_64",
            "7Server-7.2.AUS:microcode_ctl-debuginfo-2:2.1-12.39.el7_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hw: observable timing discrepancy in some Intel Processors"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The microcode_ctl packages provide microcode updates for Intel.\n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n  - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n    0xe0;\n  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n    to 0x2006a08;\n  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n    to 0xe0;\n  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n    revision 0xd6 up to 0xde;\n  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n    to 0xde;\n  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n    from revision 0x43 up to 0x44;\n  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n    up to 0x1000159;\n  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n    up to 0x4003003;\n  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n    0x5002f01 up to 0x5003003;\n  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n    to 0x40;\n  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n    to 0x1e;\n  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n    to 0x34;\n  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n    to 0x18;\n  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n    up to 0xa0;\n  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n    up to 0xe0.\n\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.\n\n* Add README file to the documentation directory.\n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n  the latter to handle the somewhat different format.\n\n* Add SUMMARY.intel-ucode file",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5183",
        "url": "https://access.redhat.com/errata/RHSA-2020:5183"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1828583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
      },
      {
        "category": "external",
        "summary": "1890355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
      },
      {
        "category": "external",
        "summary": "1890356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5183.json"
      }
    ],
    "title": "Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-12-29T19:04:44+00:00",
      "generator": {
        "date": "2024-12-29T19:04:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.4"
        }
      },
      "id": "RHSA-2020:5183",
      "initial_release_date": "2020-11-23T17:47:49+00:00",
      "revision_history": [
        {
          "date": "2020-11-23T17:47:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-23T17:47:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-29T19:04:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
                  "product_id": "7Server-7.3.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server E4S (v. 7.3)",
                  "product_id": "7Server-7.3.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:7.3::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server TUS (v. 7.3)",
                  "product_id": "7Server-7.3.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:7.3::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
                  "product_id": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.37.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
                "product": {
                  "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
                  "product_id": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl-debuginfo@2.1-16.37.el7_3?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-2:2.1-16.37.el7_3.src",
                "product": {
                  "name": "microcode_ctl-2:2.1-16.37.el7_3.src",
                  "product_id": "microcode_ctl-2:2.1-16.37.el7_3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/microcode_ctl@2.1-16.37.el7_3?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
          "product_id": "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
          "product_id": "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
          "product_id": "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.3)",
          "product_id": "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
          "product_id": "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.src",
        "relates_to_product_reference": "7Server-7.3.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
          "product_id": "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.3)",
          "product_id": "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        },
        "product_reference": "microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
        "relates_to_product_reference": "7Server-7.3.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8695",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Intel\u0027s implementation of RAPL (Running Average Power Limit).  An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Information disclosure issue in Intel SGX via RAPL interface",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828583"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "https://en.wikipedia.org/wiki/Power_analysis",
          "url": "https://en.wikipedia.org/wiki/Power_analysis"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
        }
      ],
      "release_date": "2020-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:47:49+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5183"
        },
        {
          "category": "workaround",
          "details": "Until a firmware update and reboot can be applied, the attack vector can be reduced by limiting read access to the sysfs attributes that export this functionality to userspace.  \n\nThe command:\n~~~\nsudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n~~~\nWill do this for the current boot, it will need to be scripted to run at each boot to remain persistent across reboots.",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Information disclosure issue in Intel SGX via RAPL interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8696",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890355"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Vector Register Leakage-Active",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890355",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:47:49+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5183"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Vector Register Leakage-Active"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Intel"
          ]
        }
      ],
      "cve": "CVE-2020-8698",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2020-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1890356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: Fast forward store predictor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
          "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
          "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "RHBZ#1890356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890356"
        },
        {
          "category": "external",
          "summary": "RHSB-5569051",
          "url": "https://access.redhat.com/articles/5569051"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
        }
      ],
      "release_date": "2020-11-10T13:55:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-23T17:47:49+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5183"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.AUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.AUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.E4S:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.E4S:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.src",
            "7Server-7.3.TUS:microcode_ctl-2:2.1-16.37.el7_3.x86_64",
            "7Server-7.3.TUS:microcode_ctl-debuginfo-2:2.1-16.37.el7_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: Fast forward store predictor"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Prozessor ist das zentrale Rechenwerk eines Computers.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0999 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0999.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0999 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0999"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00381 vom 2020-11-10",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00389 vom 2020-11-10",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3276-1 vom 2020-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007744.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3275-1 vom 2020-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007746.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3274-1 vom 2020-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007749.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3271-1 vom 2020-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007750.html"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory XSA-351 vom 2020-11-10",
        "url": "https://xenbits.xen.org/xsa/advisory-351.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5085 vom 2020-11-11",
        "url": "https://access.redhat.com/errata/RHSA-2020:5085"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5084 vom 2020-11-11",
        "url": "https://access.redhat.com/errata/RHSA-2020:5084"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5083 vom 2020-11-11",
        "url": "https://access.redhat.com/errata/RHSA-2020:5083"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04057en_us"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04059en_us"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3279-1 vom 2020-11-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007757.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:14540-1 vom 2020-11-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007755.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5926 vom 2020-11-13",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5926.html"
      },
      {
        "category": "external",
        "summary": "Citrix Hypervisor Security Update",
        "url": "https://support.citrix.com/article/CTX285937"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0049 vom 2020-11-12",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-November/001003.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5923 vom 2020-11-12",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5923.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5924 vom 2020-11-12",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5924.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3326-1 vom 2020-11-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007775.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3326-1 vom 2020-11-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007776.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5083 vom 2020-11-17",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5083.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5084 vom 2020-11-17",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5084.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0051 vom 2020-11-17",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-November/001004.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5085 vom 2020-11-17",
        "url": "http://linux.oracle.com/errata/ELSA-2020-5085.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3416-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007811.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3415-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007810.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3412-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007814.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3414-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007813.html"
      },
      {
        "category": "external",
        "summary": "Oracle VM Security Advisory OVMSA-2020-0053 vom 2020-11-19",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-November/001005.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3374-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007808.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:14546-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007804.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0053 vom 2020-11-19",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-November/001005.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3413-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007815.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2020:5083 vom 2020-11-19",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-5083-Moderate-CentOS-7-microcode-ctl-Security-Update-tp4646074.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3372-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007796.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3373-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007799.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3457-1 vom 2020-11-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007824.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5185 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5185"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5186 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5186"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5184 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5184"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3484-1 vom 2020-11-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007841.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5189 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5189"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5190 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5190"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5188 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5188"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5181 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5181"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5182 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5182"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5183 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5183"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3501-1 vom 2020-11-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007845.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2020-D71FA5F0B9 vom 2020-11-25",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-d71fa5f0b9"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3503-1 vom 2020-11-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007846.html"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2020-185 vom 2020-11-24",
        "url": "https://downloads.avaya.com/css/P8/documents/101072516"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3512-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007853.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3513-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007854.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3522-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007856.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3514-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007857.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3544-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007876.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3544-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007878.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3532-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007874.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3532-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007871.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3615-1 vom 2020-12-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007914.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3612-1 vom 2020-12-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007910.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3611-1 vom 2020-12-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007911.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4804 vom 2020-12-05",
        "url": "https://www.debian.org/security/2020/dsa-4804"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5369 vom 2020-12-08",
        "url": "https://access.redhat.com/errata/RHSA-2020:5369"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3631-1 vom 2020-12-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007922.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3653-1 vom 2020-12-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007928.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3670-1 vom 2020-12-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007929.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3713-1 vom 2020-12-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007937.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:14557-1 vom 2020-12-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007936.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3715-1 vom 2020-12-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007938.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2483 vom 2020-12-10",
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3742-1 vom 2020-12-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007959.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5996 vom 2020-12-15",
        "url": "http://linux.oracle.com/errata/ELSA-2020-5996.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5995 vom 2020-12-15",
        "url": "http://linux.oracle.com/errata/ELSA-2020-5995.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2494 vom 2020-12-18",
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9007 vom 2021-01-13",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9007.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9008 vom 2021-01-12",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9008.html"
      },
      {
        "category": "external",
        "summary": "EMC Security Advisory DSA-2020-249 vom 2021-01-16",
        "url": "https://www.dell.com/support/kbdoc/en-us/000180498/dsa-2020-249-dell-client-platform-security-update-for-intel-platform-updates-2020-2-bios-november-2020"
      },
      {
        "category": "external",
        "summary": "EMC Security Advisory DSA-2020-246 vom 2021-01-16",
        "url": "https://www.dell.com/support/kbdoc/en-us/000180484/dsa-2020-246-dell-emc-server-platform-security-advisory-for-the-monthly-2020-2-intel-platform-updates-nov-2020"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2546 vom 2021-02-05",
        "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202102-34 vom 2021-02-27",
        "url": "https://security.archlinux.org/ASA-202102-34"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1023-1 vom 2021-04-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008585.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1460-1 vom 2021-04-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008718.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4628-1 vom 2021-05-17",
        "url": "https://ubuntu.com/security/notices/USN-4628-3"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1663 vom 2021-06-23",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1663.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3027 vom 2021-08-09",
        "url": "https://access.redhat.com/errata/RHSA-2021:3027"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3028 vom 2021-08-09",
        "url": "https://access.redhat.com/errata/RHSA-2021:3028"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-3027 vom 2021-08-09",
        "url": "http://linux.oracle.com/errata/ELSA-2021-3027.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2021:3028 vom 2021-08-09",
        "url": "https://lists.centos.org/pipermail/centos-announce/2021-August/048347.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-3028 vom 2021-08-09",
        "url": "http://linux.oracle.com/errata/ELSA-2021-3028.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3029 vom 2021-08-10",
        "url": "https://access.redhat.com/errata/RHSA-2021:3029"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3176 vom 2021-08-17",
        "url": "https://access.redhat.com/errata/RHSA-2021:3176"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-105 vom 2021-08-19",
        "url": "https://downloads.avaya.com/css/P8/documents/101077166"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3255 vom 2021-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2021:3255"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3322 vom 2021-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:3322"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3317 vom 2021-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:3317"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3323 vom 2021-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:3323"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3364 vom 2021-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:3364"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2022-0020 vom 2022-08-10",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2022-August/001056.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4936-1 vom 2023-12-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017510.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Prozessoren: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2023-12-20T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:33:10.947+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0999",
      "initial_release_date": "2020-11-10T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-11-10T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-11-11T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora und SUSE aufgenommen"
        },
        {
          "date": "2020-11-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux, Citrix und ORACLE aufgenommen"
        },
        {
          "date": "2020-11-15T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-16T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux und Oracle VM aufgenommen"
        },
        {
          "date": "2020-11-17T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-11-19T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE, ORACLE und CentOS aufgenommen"
        },
        {
          "date": "2020-11-22T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Fedora und SUSE aufgenommen"
        },
        {
          "date": "2020-11-23T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2020-11-24T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE und Fedora aufgenommen"
        },
        {
          "date": "2020-11-25T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von AVAYA und SUSE aufgenommen"
        },
        {
          "date": "2020-11-26T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-12-03T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-12-06T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2020-12-07T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2020-12-08T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-12-10T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Debian und SUSE aufgenommen"
        },
        {
          "date": "2020-12-14T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-12-20T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-01-12T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-01-17T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von EMC aufgenommen"
        },
        {
          "date": "2021-02-07T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-02-28T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Arch Linux aufgenommen"
        },
        {
          "date": "2021-04-06T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-02T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-16T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2021-06-23T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2021-08-08T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-09T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Oracle Linux und CentOS aufgenommen"
        },
        {
          "date": "2021-08-10T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-16T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-22T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-08-24T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-30T22:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-10T22:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2023-12-20T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "36"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Communication Manager",
            "product": {
              "name": "Avaya Aura Communication Manager",
              "product_id": "T015126",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:communication_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Device Services",
            "product": {
              "name": "Avaya Aura Device Services",
              "product_id": "T015517",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_device_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Experience Portal",
            "product": {
              "name": "Avaya Aura Experience Portal",
              "product_id": "T015519",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_experience_portal:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Session Manager",
            "product": {
              "name": "Avaya Aura Session Manager",
              "product_id": "T015127",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:session_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura System Manager",
            "product": {
              "name": "Avaya Aura System Manager",
              "product_id": "T015518",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_system_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Breeze Platform",
            "product": {
              "name": "Avaya Breeze Platform",
              "product_id": "T015823",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:breeze_platform:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya CMS",
            "product": {
              "name": "Avaya CMS",
              "product_id": "997",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:call_management_system_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Session Border Controller",
            "product": {
              "name": "Avaya Session Border Controller",
              "product_id": "T015520",
              "product_identification_helper": {
                "cpe": "cpe:/h:avaya:session_border_controller:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Citrix Systems Hypervisor",
            "product": {
              "name": "Citrix Systems Hypervisor",
              "product_id": "T016872",
              "product_identification_helper": {
                "cpe": "cpe:/o:citrix:hypervisor:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell BIOS",
            "product": {
              "name": "Dell BIOS",
              "product_id": "T005643",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:bios:latitude"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T006498",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE ProLiant",
            "product": {
              "name": "HPE ProLiant",
              "product_id": "T009310",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:proliant:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Intel Prozessor",
            "product": {
              "name": "Intel Prozessor",
              "product_id": "T011586",
              "product_identification_helper": {
                "cpe": "cpe:/h:intel:intel_prozessor:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Intel"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source Xen",
            "product": {
              "name": "Open Source Xen",
              "product_id": "T000611",
              "product_identification_helper": {
                "cpe": "cpe:/o:xen:xen:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle VM",
            "product": {
              "name": "Oracle VM",
              "product_id": "T011119",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:vm:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28368",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-28368"
    },
    {
      "cve": "CVE-2020-8694",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2020-8695",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Dell PowerProtect Data Domain Appliances sind speziell f\u00fcr Backup und Daten-Deduplizierung ausgelegte Systeme.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain ausnutzen, um seine Privilegien zu erh\u00f6hen, Informationen offenzulegen und um nicht n\u00e4her beschriebene Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3377 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3377.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3377 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3377"
      },
      {
        "category": "external",
        "summary": "Dell Security Update",
        "url": "https://www.dell.com/support/kbdoc/de-de/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability"
      },
      {
        "category": "external",
        "summary": "Security Update for Dell PowerProtect Data Domain",
        "url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Dell PowerProtect Data Domain: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-04T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-05T07:21:01.974+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2024-3377",
      "initial_release_date": "2024-11-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.1.0.0",
                "product": {
                  "name": "Dell PowerProtect Data Domain \u003c8.1.0.0",
                  "product_id": "T038861"
                }
              },
              {
                "category": "product_version",
                "name": "8.1.0.0",
                "product": {
                  "name": "Dell PowerProtect Data Domain 8.1.0.0",
                  "product_id": "T038861-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:8.1.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.13.1.10",
                "product": {
                  "name": "Dell PowerProtect Data Domain \u003c7.13.1.10",
                  "product_id": "T038862"
                }
              },
              {
                "category": "product_version",
                "name": "7.13.1.10",
                "product": {
                  "name": "Dell PowerProtect Data Domain 7.13.1.10",
                  "product_id": "T038862-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:7.13.1.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.10.1.40",
                "product": {
                  "name": "Dell PowerProtect Data Domain \u003c7.10.1.40",
                  "product_id": "T038863"
                }
              },
              {
                "category": "product_version",
                "name": "7.10.1.40",
                "product": {
                  "name": "Dell PowerProtect Data Domain 7.10.1.40",
                  "product_id": "T038863-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:7.10.1.40"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.7.5.50",
                "product": {
                  "name": "Dell PowerProtect Data Domain \u003c7.7.5.50",
                  "product_id": "T038864"
                }
              },
              {
                "category": "product_version",
                "name": "7.7.5.50",
                "product": {
                  "name": "Dell PowerProtect Data Domain 7.7.5.50",
                  "product_id": "T038864-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:7.7.5.50"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Dell PowerProtect Data Domain",
                "product": {
                  "name": "Dell PowerProtect Data Domain",
                  "product_id": "T045852",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerProtect Data Domain"
          },
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain Management Center",
            "product": {
              "name": "Dell PowerProtect Data Domain Management Center",
              "product_id": "T045853",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:powerprotect_data_domain_management_center:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain OS",
            "product": {
              "name": "Dell PowerProtect Data Domain OS",
              "product_id": "T045854",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:powerprotect_data_domain_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45759",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-45759"
    },
    {
      "cve": "CVE-2024-48010",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-48010"
    },
    {
      "cve": "CVE-2024-48011",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-48011"
    },
    {
      "cve": "CVE-2017-16829",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2017-16829"
    },
    {
      "cve": "CVE-2017-5849",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2017-5849"
    },
    {
      "cve": "CVE-2018-7208",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2018-7208"
    },
    {
      "cve": "CVE-2019-14889",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2019-14889"
    },
    {
      "cve": "CVE-2020-12912",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-12912"
    },
    {
      "cve": "CVE-2020-16135",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-16135"
    },
    {
      "cve": "CVE-2020-1730",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-1730"
    },
    {
      "cve": "CVE-2020-24455",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-24455"
    },
    {
      "cve": "CVE-2020-8694",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2020-8695",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2021-27219",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2021-27219"
    },
    {
      "cve": "CVE-2021-3565",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2021-3565"
    },
    {
      "cve": "CVE-2021-3634",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2021-3634"
    },
    {
      "cve": "CVE-2022-1210",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-1210"
    },
    {
      "cve": "CVE-2022-1622",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-1622"
    },
    {
      "cve": "CVE-2022-1996",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-1996"
    },
    {
      "cve": "CVE-2022-22576",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2022-25313",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-25313"
    },
    {
      "cve": "CVE-2022-27774",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-27775",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27776",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27781",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-29361",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-29361"
    },
    {
      "cve": "CVE-2022-32205",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-32206",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32207",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32208",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-35252",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-40023",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-40023"
    },
    {
      "cve": "CVE-2022-40090",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-40090"
    },
    {
      "cve": "CVE-2022-42915",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-42916",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-43551",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-43552",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-4603",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-4603"
    },
    {
      "cve": "CVE-2022-48064",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-48064"
    },
    {
      "cve": "CVE-2022-48624",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-48624"
    },
    {
      "cve": "CVE-2023-0461",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-0461"
    },
    {
      "cve": "CVE-2023-1667",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-1667"
    },
    {
      "cve": "CVE-2023-1916",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-1916"
    },
    {
      "cve": "CVE-2023-20592",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-20592"
    },
    {
      "cve": "CVE-2023-2137",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-2137"
    },
    {
      "cve": "CVE-2023-22745",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-22745"
    },
    {
      "cve": "CVE-2023-2283",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-2283"
    },
    {
      "cve": "CVE-2023-23914",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-23915",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23916",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-23934",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-23934"
    },
    {
      "cve": "CVE-2023-25577",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-25577"
    },
    {
      "cve": "CVE-2023-26965",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-26965"
    },
    {
      "cve": "CVE-2023-27043",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27043"
    },
    {
      "cve": "CVE-2023-2731",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-2731"
    },
    {
      "cve": "CVE-2023-27533",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27538",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27538"
    },
    {
      "cve": "CVE-2023-28319",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-28319"
    },
    {
      "cve": "CVE-2023-28320",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-28320"
    },
    {
      "cve": "CVE-2023-28321",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-28321"
    },
    {
      "cve": "CVE-2023-28322",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-28322"
    },
    {
      "cve": "CVE-2023-31083",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-31083"
    },
    {
      "cve": "CVE-2023-34055",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-34055"
    },
    {
      "cve": "CVE-2023-35116",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-38286",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38286"
    },
    {
      "cve": "CVE-2023-38469",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38469"
    },
    {
      "cve": "CVE-2023-38471",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38471"
    },
    {
      "cve": "CVE-2023-38472",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38472"
    },
    {
      "cve": "CVE-2023-38545",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38545"
    },
    {
      "cve": "CVE-2023-38546",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38546"
    },
    {
      "cve": "CVE-2023-39197",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-39197"
    },
    {
      "cve": "CVE-2023-39198",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-39198"
    },
    {
      "cve": "CVE-2023-39804",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-39804"
    },
    {
      "cve": "CVE-2023-40217",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-40217"
    },
    {
      "cve": "CVE-2023-42465",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-42465"
    },
    {
      "cve": "CVE-2023-4255",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-4255"
    },
    {
      "cve": "CVE-2023-45139",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-45139"
    },
    {
      "cve": "CVE-2023-45322",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-45322"
    },
    {
      "cve": "CVE-2023-45863",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-45863"
    },
    {
      "cve": "CVE-2023-45871",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-45871"
    },
    {
      "cve": "CVE-2023-46136",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-46136"
    },
    {
      "cve": "CVE-2023-46218",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-46218"
    },
    {
      "cve": "CVE-2023-46219",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-46219"
    },
    {
      "cve": "CVE-2023-46751",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-46751"
    },
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-49083",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-49083"
    },
    {
      "cve": "CVE-2023-50447",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-50447"
    },
    {
      "cve": "CVE-2023-5049",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-5049"
    },
    {
      "cve": "CVE-2023-50495",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-50495"
    },
    {
      "cve": "CVE-2023-50782",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-50782"
    },
    {
      "cve": "CVE-2023-51257",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-51257"
    },
    {
      "cve": "CVE-2023-52425",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-52425"
    },
    {
      "cve": "CVE-2023-52426",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-52426"
    },
    {
      "cve": "CVE-2023-5678",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-5717",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-5717"
    },
    {
      "cve": "CVE-2023-5752",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-5752"
    },
    {
      "cve": "CVE-2023-6004",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-6004"
    },
    {
      "cve": "CVE-2023-6597",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-6597"
    },
    {
      "cve": "CVE-2023-6918",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-6918"
    },
    {
      "cve": "CVE-2023-7207",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-7207"
    },
    {
      "cve": "CVE-2024-0450",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-0450"
    },
    {
      "cve": "CVE-2024-0727",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-0727"
    },
    {
      "cve": "CVE-2024-0985",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-0985"
    },
    {
      "cve": "CVE-2024-21626",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-21626"
    },
    {
      "cve": "CVE-2024-22195",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-22195"
    },
    {
      "cve": "CVE-2024-22365",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-22365"
    },
    {
      "cve": "CVE-2024-23651",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-23651"
    },
    {
      "cve": "CVE-2024-23652",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-23652"
    },
    {
      "cve": "CVE-2024-23653",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-23653"
    },
    {
      "cve": "CVE-2024-23672",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-23672"
    },
    {
      "cve": "CVE-2024-24549",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-24549"
    },
    {
      "cve": "CVE-2024-25062",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-26130",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-26130"
    },
    {
      "cve": "CVE-2024-26458",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-26458"
    },
    {
      "cve": "CVE-2024-26461",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-26461"
    },
    {
      "cve": "CVE-2024-28085",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-28085"
    },
    {
      "cve": "CVE-2024-28182",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-28219",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-28219"
    },
    {
      "cve": "CVE-2024-28757",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-28757"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Prozessor ist das zentrale Rechenwerk eines Computers.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Prozessoren ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0999 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0999.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0999 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0999"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00381 vom 2020-11-10",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00389 vom 2020-11-10",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3276-1 vom 2020-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007744.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3275-1 vom 2020-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007746.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3274-1 vom 2020-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007749.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3271-1 vom 2020-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007750.html"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory XSA-351 vom 2020-11-10",
        "url": "https://xenbits.xen.org/xsa/advisory-351.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5085 vom 2020-11-11",
        "url": "https://access.redhat.com/errata/RHSA-2020:5085"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5084 vom 2020-11-11",
        "url": "https://access.redhat.com/errata/RHSA-2020:5084"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5083 vom 2020-11-11",
        "url": "https://access.redhat.com/errata/RHSA-2020:5083"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04057en_us"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04059en_us"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3279-1 vom 2020-11-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007757.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:14540-1 vom 2020-11-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007755.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5926 vom 2020-11-13",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5926.html"
      },
      {
        "category": "external",
        "summary": "Citrix Hypervisor Security Update",
        "url": "https://support.citrix.com/article/CTX285937"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0049 vom 2020-11-12",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-November/001003.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5923 vom 2020-11-12",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5923.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5924 vom 2020-11-12",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5924.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3326-1 vom 2020-11-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007775.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3326-1 vom 2020-11-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007776.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5083 vom 2020-11-17",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5083.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5084 vom 2020-11-17",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5084.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0051 vom 2020-11-17",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-November/001004.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5085 vom 2020-11-17",
        "url": "http://linux.oracle.com/errata/ELSA-2020-5085.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3416-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007811.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3415-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007810.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3412-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007814.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3414-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007813.html"
      },
      {
        "category": "external",
        "summary": "Oracle VM Security Advisory OVMSA-2020-0053 vom 2020-11-19",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-November/001005.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3374-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007808.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:14546-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007804.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0053 vom 2020-11-19",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-November/001005.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3413-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007815.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2020:5083 vom 2020-11-19",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-5083-Moderate-CentOS-7-microcode-ctl-Security-Update-tp4646074.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3372-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007796.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3373-1 vom 2020-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007799.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3457-1 vom 2020-11-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007824.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5185 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5185"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5186 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5186"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5184 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5184"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3484-1 vom 2020-11-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007841.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5189 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5189"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5190 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5190"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5188 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5188"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5181 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5181"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5182 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5182"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5183 vom 2020-11-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:5183"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3501-1 vom 2020-11-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007845.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2020-D71FA5F0B9 vom 2020-11-25",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-d71fa5f0b9"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3503-1 vom 2020-11-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007846.html"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2020-185 vom 2020-11-24",
        "url": "https://downloads.avaya.com/css/P8/documents/101072516"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3512-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007853.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3513-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007854.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3522-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007856.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3514-1 vom 2020-11-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007857.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3544-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007876.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3544-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007878.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3532-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007874.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3532-1 vom 2020-11-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007871.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3615-1 vom 2020-12-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007914.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3612-1 vom 2020-12-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007910.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3611-1 vom 2020-12-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007911.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4804 vom 2020-12-05",
        "url": "https://www.debian.org/security/2020/dsa-4804"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5369 vom 2020-12-08",
        "url": "https://access.redhat.com/errata/RHSA-2020:5369"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3631-1 vom 2020-12-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007922.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3653-1 vom 2020-12-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007928.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3670-1 vom 2020-12-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007929.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3713-1 vom 2020-12-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007937.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:14557-1 vom 2020-12-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007936.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3715-1 vom 2020-12-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007938.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2483 vom 2020-12-10",
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3742-1 vom 2020-12-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007959.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5996 vom 2020-12-15",
        "url": "http://linux.oracle.com/errata/ELSA-2020-5996.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5995 vom 2020-12-15",
        "url": "http://linux.oracle.com/errata/ELSA-2020-5995.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2494 vom 2020-12-18",
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9007 vom 2021-01-13",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9007.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9008 vom 2021-01-12",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9008.html"
      },
      {
        "category": "external",
        "summary": "EMC Security Advisory DSA-2020-249 vom 2021-01-16",
        "url": "https://www.dell.com/support/kbdoc/en-us/000180498/dsa-2020-249-dell-client-platform-security-update-for-intel-platform-updates-2020-2-bios-november-2020"
      },
      {
        "category": "external",
        "summary": "EMC Security Advisory DSA-2020-246 vom 2021-01-16",
        "url": "https://www.dell.com/support/kbdoc/en-us/000180484/dsa-2020-246-dell-emc-server-platform-security-advisory-for-the-monthly-2020-2-intel-platform-updates-nov-2020"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2546 vom 2021-02-05",
        "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202102-34 vom 2021-02-27",
        "url": "https://security.archlinux.org/ASA-202102-34"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1023-1 vom 2021-04-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008585.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:1460-1 vom 2021-04-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008718.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4628-1 vom 2021-05-17",
        "url": "https://ubuntu.com/security/notices/USN-4628-3"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1663 vom 2021-06-23",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1663.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3027 vom 2021-08-09",
        "url": "https://access.redhat.com/errata/RHSA-2021:3027"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3028 vom 2021-08-09",
        "url": "https://access.redhat.com/errata/RHSA-2021:3028"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-3027 vom 2021-08-09",
        "url": "http://linux.oracle.com/errata/ELSA-2021-3027.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2021:3028 vom 2021-08-09",
        "url": "https://lists.centos.org/pipermail/centos-announce/2021-August/048347.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-3028 vom 2021-08-09",
        "url": "http://linux.oracle.com/errata/ELSA-2021-3028.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3029 vom 2021-08-10",
        "url": "https://access.redhat.com/errata/RHSA-2021:3029"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3176 vom 2021-08-17",
        "url": "https://access.redhat.com/errata/RHSA-2021:3176"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-105 vom 2021-08-19",
        "url": "https://downloads.avaya.com/css/P8/documents/101077166"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3255 vom 2021-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2021:3255"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3322 vom 2021-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:3322"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3317 vom 2021-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:3317"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3323 vom 2021-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:3323"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3364 vom 2021-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2021:3364"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2022-0020 vom 2022-08-10",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2022-August/001056.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4936-1 vom 2023-12-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017510.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Prozessoren: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2023-12-20T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:33:10.947+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0999",
      "initial_release_date": "2020-11-10T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-11-10T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-11-11T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora und SUSE aufgenommen"
        },
        {
          "date": "2020-11-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux, Citrix und ORACLE aufgenommen"
        },
        {
          "date": "2020-11-15T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-16T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux und Oracle VM aufgenommen"
        },
        {
          "date": "2020-11-17T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-11-19T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE, ORACLE und CentOS aufgenommen"
        },
        {
          "date": "2020-11-22T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Fedora und SUSE aufgenommen"
        },
        {
          "date": "2020-11-23T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2020-11-24T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE und Fedora aufgenommen"
        },
        {
          "date": "2020-11-25T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von AVAYA und SUSE aufgenommen"
        },
        {
          "date": "2020-11-26T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-12-03T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-12-06T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2020-12-07T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2020-12-08T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-12-10T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Debian und SUSE aufgenommen"
        },
        {
          "date": "2020-12-14T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-12-20T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-01-12T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-01-17T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von EMC aufgenommen"
        },
        {
          "date": "2021-02-07T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-02-28T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Arch Linux aufgenommen"
        },
        {
          "date": "2021-04-06T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-02T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-16T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2021-06-23T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2021-08-08T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-09T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Oracle Linux und CentOS aufgenommen"
        },
        {
          "date": "2021-08-10T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-16T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-22T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-08-24T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-30T22:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-10T22:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2023-12-20T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "36"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Communication Manager",
            "product": {
              "name": "Avaya Aura Communication Manager",
              "product_id": "T015126",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:communication_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Device Services",
            "product": {
              "name": "Avaya Aura Device Services",
              "product_id": "T015517",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_device_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Experience Portal",
            "product": {
              "name": "Avaya Aura Experience Portal",
              "product_id": "T015519",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_experience_portal:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Session Manager",
            "product": {
              "name": "Avaya Aura Session Manager",
              "product_id": "T015127",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:session_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura System Manager",
            "product": {
              "name": "Avaya Aura System Manager",
              "product_id": "T015518",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_system_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Breeze Platform",
            "product": {
              "name": "Avaya Breeze Platform",
              "product_id": "T015823",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:breeze_platform:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya CMS",
            "product": {
              "name": "Avaya CMS",
              "product_id": "997",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:call_management_system_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Session Border Controller",
            "product": {
              "name": "Avaya Session Border Controller",
              "product_id": "T015520",
              "product_identification_helper": {
                "cpe": "cpe:/h:avaya:session_border_controller:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Citrix Systems Hypervisor",
            "product": {
              "name": "Citrix Systems Hypervisor",
              "product_id": "T016872",
              "product_identification_helper": {
                "cpe": "cpe:/o:citrix:hypervisor:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell BIOS",
            "product": {
              "name": "Dell BIOS",
              "product_id": "T005643",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:bios:latitude"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T006498",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE ProLiant",
            "product": {
              "name": "HPE ProLiant",
              "product_id": "T009310",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:proliant:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Intel Prozessor",
            "product": {
              "name": "Intel Prozessor",
              "product_id": "T011586",
              "product_identification_helper": {
                "cpe": "cpe:/h:intel:intel_prozessor:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Intel"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source Xen",
            "product": {
              "name": "Open Source Xen",
              "product_id": "T000611",
              "product_identification_helper": {
                "cpe": "cpe:/o:xen:xen:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle VM",
            "product": {
              "name": "Oracle VM",
              "product_id": "T011119",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:vm:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28368",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-28368"
    },
    {
      "cve": "CVE-2020-8694",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2020-8695",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Prozessoren existieren mehrere Schwachstellen. Sie beruhen auf einer fehlerhaften Isolierung von geteilten Ressourcen, einer unzureichenden Entfernung von vertraulichen Daten vor einer Speicherung oder \u00dcbertragung, einer fehlerhaften Zugriffskontrolle im Linux Kernel Treiber und einer beobachtbaren Diskrepanz in der RAPL Schnittstelle. Ein Angreifer kann dieses nutzen und vertrauliche Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006498",
          "T011119",
          "T015519",
          "T015518",
          "T015517",
          "67646",
          "T005643",
          "T015516",
          "T015823",
          "T013312",
          "T015127",
          "T011586",
          "T015126",
          "T004914",
          "T015520",
          "T016872",
          "2951",
          "T002207",
          "T000611",
          "T000126",
          "997",
          "398363",
          "1727",
          "T009310"
        ]
      },
      "release_date": "2020-11-10T23:00:00.000+00:00",
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Juniper Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0063 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0063.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0063 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0063"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA70182 vom 2023-01-12",
        "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory vom 2022-01-12",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11287\u0026cat=SIRT_1"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper Junos Space: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-01-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:41:07.526+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0063",
      "initial_release_date": "2022-01-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-01-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-01-11T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Juniper aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper Contrail Service Orchestration",
            "product": {
              "name": "Juniper Contrail Service Orchestration",
              "product_id": "T025794",
              "product_identification_helper": {
                "cpe": "cpe:/a:juniper:contrail_service_orchestration:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper Junos Space \u003c 21.3R1",
            "product": {
              "name": "Juniper Junos Space \u003c 21.3R1",
              "product_id": "T021576",
              "product_identification_helper": {
                "cpe": "cpe:/a:juniper:junos_space:21.3r1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-17543",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2019-17543"
    },
    {
      "cve": "CVE-2019-20934",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2019-20934"
    },
    {
      "cve": "CVE-2020-0543",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-0543"
    },
    {
      "cve": "CVE-2020-0548",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-0548"
    },
    {
      "cve": "CVE-2020-0549",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-0549"
    },
    {
      "cve": "CVE-2020-11022",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11022"
    },
    {
      "cve": "CVE-2020-11023",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11023"
    },
    {
      "cve": "CVE-2020-11668",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11668"
    },
    {
      "cve": "CVE-2020-11984",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11984"
    },
    {
      "cve": "CVE-2020-11993",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11993"
    },
    {
      "cve": "CVE-2020-12362",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-12362"
    },
    {
      "cve": "CVE-2020-12363",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-12363"
    },
    {
      "cve": "CVE-2020-12364",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-12364"
    },
    {
      "cve": "CVE-2020-1927",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-1927"
    },
    {
      "cve": "CVE-2020-1934",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-1934"
    },
    {
      "cve": "CVE-2020-24489",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-24489"
    },
    {
      "cve": "CVE-2020-24511",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-24511"
    },
    {
      "cve": "CVE-2020-24512",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-24512"
    },
    {
      "cve": "CVE-2020-27170",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-27170"
    },
    {
      "cve": "CVE-2020-27777",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-27777"
    },
    {
      "cve": "CVE-2020-29443",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-29443"
    },
    {
      "cve": "CVE-2020-8625",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8625"
    },
    {
      "cve": "CVE-2020-8648",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8648"
    },
    {
      "cve": "CVE-2020-8695",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8698"
    },
    {
      "cve": "CVE-2020-9490",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-9490"
    },
    {
      "cve": "CVE-2021-20254",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-20254"
    },
    {
      "cve": "CVE-2021-22555",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-22555"
    },
    {
      "cve": "CVE-2021-22901",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-22901"
    },
    {
      "cve": "CVE-2021-2341",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2341"
    },
    {
      "cve": "CVE-2021-2342",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2342"
    },
    {
      "cve": "CVE-2021-2356",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2356"
    },
    {
      "cve": "CVE-2021-2369",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2369"
    },
    {
      "cve": "CVE-2021-2372",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2372"
    },
    {
      "cve": "CVE-2021-2385",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2385"
    },
    {
      "cve": "CVE-2021-2388",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2388"
    },
    {
      "cve": "CVE-2021-2389",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2389"
    },
    {
      "cve": "CVE-2021-2390",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2390"
    },
    {
      "cve": "CVE-2021-25214",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-25214"
    },
    {
      "cve": "CVE-2021-25217",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-25217"
    },
    {
      "cve": "CVE-2021-27219",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-27219"
    },
    {
      "cve": "CVE-2021-29154",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-29154"
    },
    {
      "cve": "CVE-2021-29650",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-29650"
    },
    {
      "cve": "CVE-2021-31535",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-31535"
    },
    {
      "cve": "CVE-2021-32399",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-32399"
    },
    {
      "cve": "CVE-2021-33033",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-33033"
    },
    {
      "cve": "CVE-2021-33034",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-33034"
    },
    {
      "cve": "CVE-2021-3347",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-3347"
    },
    {
      "cve": "CVE-2021-33909",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-33909"
    },
    {
      "cve": "CVE-2021-3653",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-3653"
    },
    {
      "cve": "CVE-2021-3656",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-3656"
    },
    {
      "cve": "CVE-2021-3715",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-3715"
    },
    {
      "cve": "CVE-2021-37576",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-37576"
    },
    {
      "cve": "CVE-2021-4104",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-4104"
    },
    {
      "cve": "CVE-2021-42550",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-42550"
    },
    {
      "cve": "CVE-2021-44228",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-44228"
    },
    {
      "cve": "CVE-2021-45046",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-45046"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Dell PowerProtect Data Domain Appliances sind speziell f\u00fcr Backup und Daten-Deduplizierung ausgelegte Systeme.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain ausnutzen, um seine Privilegien zu erh\u00f6hen, Informationen offenzulegen und um nicht n\u00e4her beschriebene Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3377 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3377.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3377 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3377"
      },
      {
        "category": "external",
        "summary": "Dell Security Update",
        "url": "https://www.dell.com/support/kbdoc/de-de/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability"
      },
      {
        "category": "external",
        "summary": "Security Update for Dell PowerProtect Data Domain",
        "url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Dell PowerProtect Data Domain: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-04T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-05T07:21:01.974+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2024-3377",
      "initial_release_date": "2024-11-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.1.0.0",
                "product": {
                  "name": "Dell PowerProtect Data Domain \u003c8.1.0.0",
                  "product_id": "T038861"
                }
              },
              {
                "category": "product_version",
                "name": "8.1.0.0",
                "product": {
                  "name": "Dell PowerProtect Data Domain 8.1.0.0",
                  "product_id": "T038861-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:8.1.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.13.1.10",
                "product": {
                  "name": "Dell PowerProtect Data Domain \u003c7.13.1.10",
                  "product_id": "T038862"
                }
              },
              {
                "category": "product_version",
                "name": "7.13.1.10",
                "product": {
                  "name": "Dell PowerProtect Data Domain 7.13.1.10",
                  "product_id": "T038862-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:7.13.1.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.10.1.40",
                "product": {
                  "name": "Dell PowerProtect Data Domain \u003c7.10.1.40",
                  "product_id": "T038863"
                }
              },
              {
                "category": "product_version",
                "name": "7.10.1.40",
                "product": {
                  "name": "Dell PowerProtect Data Domain 7.10.1.40",
                  "product_id": "T038863-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:7.10.1.40"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.7.5.50",
                "product": {
                  "name": "Dell PowerProtect Data Domain \u003c7.7.5.50",
                  "product_id": "T038864"
                }
              },
              {
                "category": "product_version",
                "name": "7.7.5.50",
                "product": {
                  "name": "Dell PowerProtect Data Domain 7.7.5.50",
                  "product_id": "T038864-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:7.7.5.50"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Dell PowerProtect Data Domain",
                "product": {
                  "name": "Dell PowerProtect Data Domain",
                  "product_id": "T045852",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerprotect_data_domain:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerProtect Data Domain"
          },
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain Management Center",
            "product": {
              "name": "Dell PowerProtect Data Domain Management Center",
              "product_id": "T045853",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:powerprotect_data_domain_management_center:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerProtect Data Domain OS",
            "product": {
              "name": "Dell PowerProtect Data Domain OS",
              "product_id": "T045854",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:powerprotect_data_domain_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45759",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-45759"
    },
    {
      "cve": "CVE-2024-48010",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-48010"
    },
    {
      "cve": "CVE-2024-48011",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-48011"
    },
    {
      "cve": "CVE-2017-16829",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2017-16829"
    },
    {
      "cve": "CVE-2017-5849",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2017-5849"
    },
    {
      "cve": "CVE-2018-7208",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2018-7208"
    },
    {
      "cve": "CVE-2019-14889",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2019-14889"
    },
    {
      "cve": "CVE-2020-12912",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-12912"
    },
    {
      "cve": "CVE-2020-16135",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-16135"
    },
    {
      "cve": "CVE-2020-1730",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-1730"
    },
    {
      "cve": "CVE-2020-24455",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-24455"
    },
    {
      "cve": "CVE-2020-8694",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2020-8695",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2021-27219",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2021-27219"
    },
    {
      "cve": "CVE-2021-3565",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2021-3565"
    },
    {
      "cve": "CVE-2021-3634",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2021-3634"
    },
    {
      "cve": "CVE-2022-1210",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-1210"
    },
    {
      "cve": "CVE-2022-1622",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-1622"
    },
    {
      "cve": "CVE-2022-1996",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-1996"
    },
    {
      "cve": "CVE-2022-22576",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2022-25313",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-25313"
    },
    {
      "cve": "CVE-2022-27774",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-27775",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27776",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27781",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-29361",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-29361"
    },
    {
      "cve": "CVE-2022-32205",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-32206",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32207",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32208",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-35252",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-40023",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-40023"
    },
    {
      "cve": "CVE-2022-40090",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-40090"
    },
    {
      "cve": "CVE-2022-42915",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-42916",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-43551",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-43552",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-4603",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-4603"
    },
    {
      "cve": "CVE-2022-48064",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-48064"
    },
    {
      "cve": "CVE-2022-48624",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2022-48624"
    },
    {
      "cve": "CVE-2023-0461",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-0461"
    },
    {
      "cve": "CVE-2023-1667",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-1667"
    },
    {
      "cve": "CVE-2023-1916",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-1916"
    },
    {
      "cve": "CVE-2023-20592",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-20592"
    },
    {
      "cve": "CVE-2023-2137",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-2137"
    },
    {
      "cve": "CVE-2023-22745",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-22745"
    },
    {
      "cve": "CVE-2023-2283",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-2283"
    },
    {
      "cve": "CVE-2023-23914",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-23915",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23916",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-23934",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-23934"
    },
    {
      "cve": "CVE-2023-25577",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-25577"
    },
    {
      "cve": "CVE-2023-26965",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-26965"
    },
    {
      "cve": "CVE-2023-27043",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27043"
    },
    {
      "cve": "CVE-2023-2731",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-2731"
    },
    {
      "cve": "CVE-2023-27533",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27538",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-27538"
    },
    {
      "cve": "CVE-2023-28319",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-28319"
    },
    {
      "cve": "CVE-2023-28320",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-28320"
    },
    {
      "cve": "CVE-2023-28321",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-28321"
    },
    {
      "cve": "CVE-2023-28322",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-28322"
    },
    {
      "cve": "CVE-2023-31083",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-31083"
    },
    {
      "cve": "CVE-2023-34055",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-34055"
    },
    {
      "cve": "CVE-2023-35116",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-38286",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38286"
    },
    {
      "cve": "CVE-2023-38469",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38469"
    },
    {
      "cve": "CVE-2023-38471",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38471"
    },
    {
      "cve": "CVE-2023-38472",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38472"
    },
    {
      "cve": "CVE-2023-38545",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38545"
    },
    {
      "cve": "CVE-2023-38546",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-38546"
    },
    {
      "cve": "CVE-2023-39197",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-39197"
    },
    {
      "cve": "CVE-2023-39198",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-39198"
    },
    {
      "cve": "CVE-2023-39804",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-39804"
    },
    {
      "cve": "CVE-2023-40217",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-40217"
    },
    {
      "cve": "CVE-2023-42465",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-42465"
    },
    {
      "cve": "CVE-2023-4255",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-4255"
    },
    {
      "cve": "CVE-2023-45139",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-45139"
    },
    {
      "cve": "CVE-2023-45322",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-45322"
    },
    {
      "cve": "CVE-2023-45863",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-45863"
    },
    {
      "cve": "CVE-2023-45871",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-45871"
    },
    {
      "cve": "CVE-2023-46136",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-46136"
    },
    {
      "cve": "CVE-2023-46218",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-46218"
    },
    {
      "cve": "CVE-2023-46219",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-46219"
    },
    {
      "cve": "CVE-2023-46751",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-46751"
    },
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-49083",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-49083"
    },
    {
      "cve": "CVE-2023-50447",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-50447"
    },
    {
      "cve": "CVE-2023-5049",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-5049"
    },
    {
      "cve": "CVE-2023-50495",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-50495"
    },
    {
      "cve": "CVE-2023-50782",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-50782"
    },
    {
      "cve": "CVE-2023-51257",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-51257"
    },
    {
      "cve": "CVE-2023-52425",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-52425"
    },
    {
      "cve": "CVE-2023-52426",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-52426"
    },
    {
      "cve": "CVE-2023-5678",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-5717",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-5717"
    },
    {
      "cve": "CVE-2023-5752",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-5752"
    },
    {
      "cve": "CVE-2023-6004",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-6004"
    },
    {
      "cve": "CVE-2023-6597",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-6597"
    },
    {
      "cve": "CVE-2023-6918",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-6918"
    },
    {
      "cve": "CVE-2023-7207",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2023-7207"
    },
    {
      "cve": "CVE-2024-0450",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-0450"
    },
    {
      "cve": "CVE-2024-0727",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-0727"
    },
    {
      "cve": "CVE-2024-0985",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-0985"
    },
    {
      "cve": "CVE-2024-21626",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-21626"
    },
    {
      "cve": "CVE-2024-22195",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-22195"
    },
    {
      "cve": "CVE-2024-22365",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-22365"
    },
    {
      "cve": "CVE-2024-23651",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-23651"
    },
    {
      "cve": "CVE-2024-23652",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-23652"
    },
    {
      "cve": "CVE-2024-23653",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-23653"
    },
    {
      "cve": "CVE-2024-23672",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-23672"
    },
    {
      "cve": "CVE-2024-24549",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-24549"
    },
    {
      "cve": "CVE-2024-25062",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-26130",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-26130"
    },
    {
      "cve": "CVE-2024-26458",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-26458"
    },
    {
      "cve": "CVE-2024-26461",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-26461"
    },
    {
      "cve": "CVE-2024-28085",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-28085"
    },
    {
      "cve": "CVE-2024-28182",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-28219",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-28219"
    },
    {
      "cve": "CVE-2024-28757",
      "product_status": {
        "known_affected": [
          "T045853",
          "T045852",
          "T045854",
          "T038864",
          "T038863",
          "T038862",
          "T038861"
        ]
      },
      "release_date": "2024-11-07T23:00:00.000+00:00",
      "title": "CVE-2024-28757"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Juniper Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0063 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0063.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0063 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0063"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA70182 vom 2023-01-12",
        "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory vom 2022-01-12",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11287\u0026cat=SIRT_1"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper Junos Space: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-01-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:41:07.526+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0063",
      "initial_release_date": "2022-01-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-01-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-01-11T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Juniper aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper Contrail Service Orchestration",
            "product": {
              "name": "Juniper Contrail Service Orchestration",
              "product_id": "T025794",
              "product_identification_helper": {
                "cpe": "cpe:/a:juniper:contrail_service_orchestration:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper Junos Space \u003c 21.3R1",
            "product": {
              "name": "Juniper Junos Space \u003c 21.3R1",
              "product_id": "T021576",
              "product_identification_helper": {
                "cpe": "cpe:/a:juniper:junos_space:21.3r1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-17543",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2019-17543"
    },
    {
      "cve": "CVE-2019-20934",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2019-20934"
    },
    {
      "cve": "CVE-2020-0543",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-0543"
    },
    {
      "cve": "CVE-2020-0548",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-0548"
    },
    {
      "cve": "CVE-2020-0549",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-0549"
    },
    {
      "cve": "CVE-2020-11022",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11022"
    },
    {
      "cve": "CVE-2020-11023",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11023"
    },
    {
      "cve": "CVE-2020-11668",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11668"
    },
    {
      "cve": "CVE-2020-11984",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11984"
    },
    {
      "cve": "CVE-2020-11993",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-11993"
    },
    {
      "cve": "CVE-2020-12362",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-12362"
    },
    {
      "cve": "CVE-2020-12363",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-12363"
    },
    {
      "cve": "CVE-2020-12364",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-12364"
    },
    {
      "cve": "CVE-2020-1927",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-1927"
    },
    {
      "cve": "CVE-2020-1934",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-1934"
    },
    {
      "cve": "CVE-2020-24489",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-24489"
    },
    {
      "cve": "CVE-2020-24511",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-24511"
    },
    {
      "cve": "CVE-2020-24512",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-24512"
    },
    {
      "cve": "CVE-2020-27170",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-27170"
    },
    {
      "cve": "CVE-2020-27777",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-27777"
    },
    {
      "cve": "CVE-2020-29443",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-29443"
    },
    {
      "cve": "CVE-2020-8625",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8625"
    },
    {
      "cve": "CVE-2020-8648",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8648"
    },
    {
      "cve": "CVE-2020-8695",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-8698"
    },
    {
      "cve": "CVE-2020-9490",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2020-9490"
    },
    {
      "cve": "CVE-2021-20254",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-20254"
    },
    {
      "cve": "CVE-2021-22555",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-22555"
    },
    {
      "cve": "CVE-2021-22901",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-22901"
    },
    {
      "cve": "CVE-2021-2341",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2341"
    },
    {
      "cve": "CVE-2021-2342",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2342"
    },
    {
      "cve": "CVE-2021-2356",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2356"
    },
    {
      "cve": "CVE-2021-2369",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2369"
    },
    {
      "cve": "CVE-2021-2372",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2372"
    },
    {
      "cve": "CVE-2021-2385",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2385"
    },
    {
      "cve": "CVE-2021-2388",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2388"
    },
    {
      "cve": "CVE-2021-2389",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2389"
    },
    {
      "cve": "CVE-2021-2390",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-2390"
    },
    {
      "cve": "CVE-2021-25214",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-25214"
    },
    {
      "cve": "CVE-2021-25217",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-25217"
    },
    {
      "cve": "CVE-2021-27219",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-27219"
    },
    {
      "cve": "CVE-2021-29154",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-29154"
    },
    {
      "cve": "CVE-2021-29650",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-29650"
    },
    {
      "cve": "CVE-2021-31535",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-31535"
    },
    {
      "cve": "CVE-2021-32399",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-32399"
    },
    {
      "cve": "CVE-2021-33033",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-33033"
    },
    {
      "cve": "CVE-2021-33034",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-33034"
    },
    {
      "cve": "CVE-2021-3347",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-3347"
    },
    {
      "cve": "CVE-2021-33909",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-33909"
    },
    {
      "cve": "CVE-2021-3653",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-3653"
    },
    {
      "cve": "CVE-2021-3656",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-3656"
    },
    {
      "cve": "CVE-2021-3715",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-3715"
    },
    {
      "cve": "CVE-2021-37576",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-37576"
    },
    {
      "cve": "CVE-2021-4104",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-4104"
    },
    {
      "cve": "CVE-2021-42550",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-42550"
    },
    {
      "cve": "CVE-2021-44228",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-44228"
    },
    {
      "cve": "CVE-2021-45046",
      "notes": [
        {
          "category": "description",
          "text": "In Juniper Junos Space existieren mehrere Schwachstellen. Die Fehler existieren in verschiedenen Komponenten und Bibliotheken, darunter LZ4, Linux Kernel, Intel Prozessoren, Apache HTTP Server, BIND, Intel VT-d, Intel Grafiktreiber, KVM Hypervisor, QEMU, Java SE, MySQL Server, samba, curl, GNOME, jQuery, Apache Log4j und logback. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T025794"
        ]
      },
      "release_date": "2022-01-12T23:00:00.000+00:00",
      "title": "CVE-2021-45046"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971)\n - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms.\n - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446)\n - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)\n\n- Release notes:\n  - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).\n  - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).\n  - Update for functional issues. Refer to [Second Generation Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n  - Update for functional issues. Refer to [10th Gen Intel\u00ae Core\u2122 Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n  - Update for functional issues. Refer to [8th and 9th Gen Intel\u00ae Core\u2122 Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n  - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel\u00ae Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n  - Update for functional issues. Refer to [6th Gen Intel\u00ae Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n  ### New Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | LKF            | B2/B3    | 06-8a-01/10 |          | 00000028 | Core w/Hybrid Technology\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  ### Updated Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "HPE-Helion-OpenStack-8-2020-3514,SUSE-2020-3514,SUSE-OpenStack-Cloud-7-2020-3514,SUSE-OpenStack-Cloud-8-2020-3514,SUSE-OpenStack-Cloud-9-2020-3514,SUSE-OpenStack-Cloud-Crowbar-8-2020-3514,SUSE-OpenStack-Cloud-Crowbar-9-2020-3514,SUSE-SLE-SAP-12-SP2-2020-3514,SUSE-SLE-SAP-12-SP3-2020-3514,SUSE-SLE-SAP-12-SP4-2020-3514,SUSE-SLE-SERVER-12-SP2-2020-3514,SUSE-SLE-SERVER-12-SP2-BCL-2020-3514,SUSE-SLE-SERVER-12-SP3-2020-3514,SUSE-SLE-SERVER-12-SP3-BCL-2020-3514,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3514,SUSE-Storage-5-2020-3514",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3514-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3514-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203514-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3514-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007857.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173592",
        "url": "https://bugzilla.suse.com/1173592"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178971",
        "url": "https://bugzilla.suse.com/1178971"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8696 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-25T12:14:12Z",
      "generator": {
        "date": "2020-11-25T12:14:12Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3514-1",
      "initial_release_date": "2020-11-25T12:14:12Z",
      "revision_history": [
        {
          "date": "2020-11-25T12:14:12Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201118-13.81.1.i586",
                "product": {
                  "name": "ucode-intel-20201118-13.81.1.i586",
                  "product_id": "ucode-intel-20201118-13.81.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201118-13.81.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201118-13.81.1.x86_64",
                  "product_id": "ucode-intel-20201118-13.81.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HPE Helion OpenStack 8",
                "product": {
                  "name": "HPE Helion OpenStack 8",
                  "product_id": "HPE Helion OpenStack 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:hpe-helion-openstack:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 7",
                "product": {
                  "name": "SUSE OpenStack Cloud 7",
                  "product_id": "SUSE OpenStack Cloud 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 8",
                "product": {
                  "name": "SUSE OpenStack Cloud 8",
                  "product_id": "SUSE OpenStack Cloud 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 9",
                "product": {
                  "name": "SUSE OpenStack Cloud 9",
                  "product_id": "SUSE OpenStack Cloud 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 8",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 8",
                  "product_id": "SUSE OpenStack Cloud Crowbar 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 9",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 9",
                  "product_id": "SUSE OpenStack Cloud Crowbar 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 5",
                "product": {
                  "name": "SUSE Enterprise Storage 5",
                  "product_id": "SUSE Enterprise Storage 5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-13.81.1.x86_64 as component of SUSE Enterprise Storage 5",
          "product_id": "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-13.81.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-25T12:14:12Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8696",
          "url": "https://www.suse.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173592 for CVE-2020-8696",
          "url": "https://bugzilla.suse.com/1173592"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-25T12:14:12Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201118-13.81.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201118-13.81.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-25T12:14:12Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n- CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n- CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n- CVE-2020-27777: Restrict RTAS requests from userspace  (bsc#1179107)\n- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n- CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).\n- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n- CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n- CVE-2020-8694, CVE-2020-8695: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415 bsc#1170446)\n- CVE-2020-28368: Fixed Intel RAPL sidechannel attack aka PLATYPUS attack (XSA-351 bsc#1178591).\n- CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bsc#1179432).\n\nThe following non-security bugs were fixed:\n\n- 9P: Cast to loff_t before multiplying (git-fixes).\n- ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).\n- ACPICA: Add NHLT table signature (bsc#1176200).\n- ACPI: dock: fix enum-conversion warning (git-fixes).\n- ACPI / extlog: Check for RDMSR failure (git-fixes).\n- ACPI: GED: fix -Wformat (git-fixes).\n- ACPI: NFIT: Fix comparison to \u0027-ENXIO\u0027 (git-fixes).\n- ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n- Add bug reference to two hv_netvsc patches (bsc#1178853).\n- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n- ALSA: fix kernel-doc markups (git-fixes).\n- ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).\n- ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n- ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n- ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).\n- ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).\n- ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).\n- ALSA: hda/realtek - Fixed HP headset Mic can\u0027t be detected (git-fixes).\n- ALSA: hda/realtek - HP Headset Mic can\u0027t detect after boot (git-fixes).\n- ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).\n- ALSA: mixart: Fix mutex deadlock (git-fixes).\n- ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n- ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n- arm64: bpf: Fix branch offset in JIT (git-fixes).\n- arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).\n- arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).\n- arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).\n- arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).\n- arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).\n- arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).\n- arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).\n- arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).\n- arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).\n- arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).\n- arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).\n- arm64: vdso: Add \u0027-Bsymbolic\u0027 to ldflags (git-fixes).\n- arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n- ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).\n- ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n- ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).\n- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n- ASoC: qcom: sdm845: set driver name correctly (git-fixes).\n- ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n- ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n- batman-adv: set .owner to THIS_MODULE (git-fixes).\n- bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).\n- bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).\n- bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).\n- bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).\n- bpf: Zero-fill re-used per-cpu map element (bsc#1155518).\n- btrfs: Account for merged patches upstream Move below patches to sorted section.\n- btrfs: cleanup cow block on error (bsc#1178584).\n- btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).\n- btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).\n- btrfs: fix relocation failure due to race with fallocate (bsc#1179217).\n- btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).\n- btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).\n- btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).\n- btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).\n- btrfs: reschedule if necessary when logging directory items (bsc#1178585).\n- btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).\n- btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).\n- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n- can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n- can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).\n- can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n- can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n- can: dev: can_restart(): post buffer from the right context (git-fixes).\n- can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).\n- can: flexcan: flexcan_setup_stop_mode(): add missing \u0027req_bit\u0027 to stop mode property comment (git-fixes).\n- can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).\n- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n- can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).\n- can: m_can: fix nominal bitiming tseg2 min for version \u003e= 3.1 (git-fixes).\n- can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n- can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n- can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n- can: peak_usb: add range checking in decode operations (git-fixes).\n- can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n- can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n- can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n- ceph: add check_session_state() helper and make it global (bsc#1179012).\n- ceph: check session state after bumping session-\u003es_seq (bsc#1179012).\n- ceph: check the sesion state and return false in case it is closed (bsc#1179012).\n- ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).\n- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n- cfg80211: initialize wdev data earlier (git-fixes).\n- cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n- cifs: remove bogus debug code (bsc#1179427).\n- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n- clk: define to_clk_regmap() as inline function (git-fixes).\n- Convert trailing spaces and periods in path components (bsc#1179424).\n- cosa: Add missing kfree in error path of cosa_write (git-fixes).\n- dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).\n- dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).\n- Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419)\n- devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).\n- docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n- Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).\n- Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process.\n- drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n- drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).\n- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).\n- Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.\n- EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).\n- EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).\n- EDAC/amd64: Gather hardware information early (bsc#1179001).\n- EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).\n- EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).\n- EDAC/amd64: Save max number of controllers to family type (bsc#1179001). \n- EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).\n- efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).\n- efi: efibc: check for efivars write capability (git-fixes).\n- efi: EFI_EARLYCON should depend on EFI (git-fixes).\n- efi/efivars: Set generic ops before loading SSDT (git-fixes).\n- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n- efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).\n- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n- efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n- efivarfs: revert \u0027fix memory leak in efivarfs_create()\u0027 (git-fixes).\n- efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).\n- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n- efi/x86: Fix the deletion of variables in mixed mode (git-fixes).\n- efi/x86: Free efi_pgd with free_pages() (git-fixes).\n- efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).\n- efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n- exfat: fix name_hash computation on big endian systems (git-fixes).\n- exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).\n- exfat: fix possible memory leak in exfat_find() (git-fixes).\n- exfat: fix use of uninitialized spinlock on error path (git-fixes).\n- exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).\n- Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.\n- ftrace: Fix recursion check for NMI test (git-fixes).\n- ftrace: Handle tracing when switching between context (git-fixes).\n- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).\n- futex: Handle transient \u0027ownerless\u0027 rtmutex state correctly (bsc#1149032).\n- gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).\n- gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).\n- gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).\n- HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).\n- HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).\n- HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).\n- HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).\n- hv_balloon: disable warning when floor reached (git-fixes).\n- hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).\n- hv_netvsc: Add XDP support (bsc#1177820).\n- hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).\n- hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).\n- hv_netvsc: record hardware hash in skb (bsc#1177820).\n- hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n- i2c: mediatek: move dma reset before i2c reset (git-fixes).\n- i2c: sh_mobile: implement atomic transfers (git-fixes).\n- igc: Fix not considering the TX delay for timestamps (bsc#1160634).\n- igc: Fix wrong timestamp latency numbers (bsc#1160634).\n- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n- iio: adc: mediatek: fix unset field (git-fixes).\n- iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).\n- Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n- Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).\n- intel_idle: Customize IceLake server support (bsc#1178286).\n- ionic: check port ptr before use (bsc#1167773).\n- iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).\n- kABI: revert use_mm name change (MM Functionality, bsc#1178426).\n- kABI workaround for HD-audio (git-fixes).\n- kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).\n- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)\n- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install\n- kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).\n- kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n- KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).\n- lan743x: fix \u0027BUG: invalid wait context\u0027 when setting rx mode (git-fixes).\n- lan743x: fix issue causing intermittent kernel log warnings (git-fixes).\n- lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).\n- leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n- libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).\n- libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n- lib/crc32test: remove extra local_irq_disable/enable (git-fixes).\n- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).\n- mac80211: always wind down STA state (git-fixes).\n- mac80211: fix use of skb payload instead of header (git-fixes).\n- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n- mac80211: minstrel: fix tx status processing corner case (git-fixes).\n- mac80211: minstrel: remove deferred sampling code (git-fixes).\n- media: imx274: fix frame interval handling (git-fixes).\n- media: platform: Improve queue set up flow for bug fixing (git-fixes).\n- media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n- media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).\n- media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).\n- mei: protect mei_cl_mtu from null dereference (git-fixes).\n- memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703).\n- mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).\n- mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).\n- mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n- mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).\n- mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).\n- mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).\n- mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).\n- mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).\n- mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).\n- mm, memcg: fix inconsistent oom event behavior (bsc#1178659).\n- mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n- mm/memcontrol.c: add missed css_put() (bsc#1178661).\n- mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).\n- mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).\n- mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).\n- mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).\n- mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).\n- modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).\n- net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n- net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n- net: ena: Change license into format to SPDX in all files (bsc#1177397).\n- net: ena: Change log message to netif/dev function (bsc#1177397).\n- net: ena: Change RSS related macros and variables names (bsc#1177397).\n- net: ena: ethtool: Add new device statistics (bsc#1177397).\n- net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n- net: ena: Fix all static chekers\u0027 warnings (bsc#1177397).\n- net: ena: fix packet\u0027s addresses for rx_offset feature (bsc#1174852).\n- net: ena: handle bad request id in ena_netdev (bsc#1174852).\n- net: ena: Remove redundant print of placement policy (bsc#1177397).\n- net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n- net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).\n- net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873).\n- net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n- net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).\n- net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).\n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n- NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n- NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n- NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).\n- nvme: do not update disk info for multipathed device (bsc#1171558).\n- nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n- p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n- PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).\n- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n- pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n- pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n- platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).\n- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n- PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).\n- powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).\n- powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n- powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).\n- powerpc/vnic: Extend \u0027failover pending\u0027 window (bsc#1176855 ltc#187293).\n- power: supply: bq27xxx: report \u0027not charging\u0027 on all types (git-fixes).\n- power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n- qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).\n- RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).\n- RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).\n- RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).\n- RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).\n- RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).\n- RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).\n- RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).\n- reboot: fix overflow parsing reboot cpu number (git-fixes).\n- Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) \n- regulator: avoid resolve_supply() infinite recursion (git-fixes).\n- regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n- regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n- regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes).\n- regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n- regulator: workaround self-referent regulators (git-fixes).\n- Revert \u0027kernel/reboot.c: convert simple_strtoul to kstrtoint\u0027 (git-fixes).\n- Revert \u0027xfs: complain if anyone tries to create a too-large buffer\u0027 (bsc#1179425, bsc#1179550)\n- rfkill: Fix use-after-free in rfkill_resume() (git-fixes).\n- ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger -\u003cdimstar@opensuse.org\u003e\n- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.\n- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for \u0027grep -E\u0027. So use the latter instead.\n- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (bsc#1179082).\n- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\\.x86_64.rpm$ . i586 in Factory\u0027s prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.\n- s390/bpf: Fix multiple tail calls (git-fixes).\n- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).\n- s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n- s390/dasd: fix null pointer dereference for ERP requests (git-fixes).\n- s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).\n- s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).\n- s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).\n- sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).\n- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).\n- sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).\n- sched: Fix rq-\u003enr_iowait ordering (git fixes (sched)).\n- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section\n- scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n- scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n- serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).\n- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n- spi: lpspi: Fix use-after-free on unbind (git-fixes).\n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n- staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n- staging: octeon: repair \u0027fixed-link\u0027 support (git-fixes).\n- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).\n- SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).\n- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).\n- tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).\n- thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n- thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).\n- timer: Fix wheel index calculation on last level (git-fixes).\n- timer: Prevent base-\u003eclk from moving backward (git-fixes).\n- tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).\n- tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).\n- tracing: Fix out of bounds write in get_trace_buf (git-fixes).\n- tty: serial: fsl_lpuart: add LS1028A support (git-fixes).\n- tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).\n- tty: serial: imx: fix potential deadlock (git-fixes).\n- tty: serial: imx: keep console clocks always on (git-fixes).\n- uio: Fix use-after-free in uio_unregister_device() (git-fixes).\n- uio: free uio id after uio file node is freed (git-fixes).\n- USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n- USB: adutux: fix debugging (git-fixes).\n- USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n- USB: cdc-acm: fix cooldown mechanism (git-fixes).\n- USB: core: Change %pK for __user pointers to %px (git-fixes).\n- USB: core: driver: fix stray tabs in error messages (git-fixes).\n- USB: core: Fix regression in Hercules audio card (git-fixes).\n- USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n- USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n- USB: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n- USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n- USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n- USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n- USB: serial: option: add Quectel EC200T module support (git-fixes).\n- USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n- USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n- USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n- USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).\n- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n- video: hyperv_fb: include vmalloc.h (git-fixes).\n- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n- virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).\n- vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n- x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n- x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).\n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).\n- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).\n- xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).\n- xfs: do not update mtime on COW faults (bsc#1167030).\n- xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n- xfs: fix brainos in the refcount scrubber\u0027s rmap fragment processor (git-fixes).\n- xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n- xfs: fix rmap key and record comparison functions (git-fixes).\n- xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).\n- xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n- xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n- xfs: prohibit fs freezing when using empty transactions (bsc#1179442).\n- xfs: remove unused variable \u0027done\u0027 (bsc#1166166).\n- xfs: revert \u0027xfs: fix rmap key and record comparison functions\u0027 (git-fixes).\n- xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).\n- xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).\n- xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).\n- xhci: Fix sizeof() mismatch (git-fixes).\n- xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3713,SUSE-SLE-Module-Public-Cloud-15-SP2-2020-3713",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3713-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3713-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203713-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3713-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007937.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1149032",
        "url": "https://bugzilla.suse.com/1149032"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1152489",
        "url": "https://bugzilla.suse.com/1152489"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1153274",
        "url": "https://bugzilla.suse.com/1153274"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154353",
        "url": "https://bugzilla.suse.com/1154353"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154852",
        "url": "https://bugzilla.suse.com/1154852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1155518",
        "url": "https://bugzilla.suse.com/1155518"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1160634",
        "url": "https://bugzilla.suse.com/1160634"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1166146",
        "url": "https://bugzilla.suse.com/1166146"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1166166",
        "url": "https://bugzilla.suse.com/1166166"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1167030",
        "url": "https://bugzilla.suse.com/1167030"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1167773",
        "url": "https://bugzilla.suse.com/1167773"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170139",
        "url": "https://bugzilla.suse.com/1170139"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170415",
        "url": "https://bugzilla.suse.com/1170415"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171073",
        "url": "https://bugzilla.suse.com/1171073"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171558",
        "url": "https://bugzilla.suse.com/1171558"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172873",
        "url": "https://bugzilla.suse.com/1172873"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174527",
        "url": "https://bugzilla.suse.com/1174527"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175306",
        "url": "https://bugzilla.suse.com/1175306"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175918",
        "url": "https://bugzilla.suse.com/1175918"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176109",
        "url": "https://bugzilla.suse.com/1176109"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176180",
        "url": "https://bugzilla.suse.com/1176180"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176200",
        "url": "https://bugzilla.suse.com/1176200"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176481",
        "url": "https://bugzilla.suse.com/1176481"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176586",
        "url": "https://bugzilla.suse.com/1176586"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176855",
        "url": "https://bugzilla.suse.com/1176855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176983",
        "url": "https://bugzilla.suse.com/1176983"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177066",
        "url": "https://bugzilla.suse.com/1177066"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177070",
        "url": "https://bugzilla.suse.com/1177070"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177353",
        "url": "https://bugzilla.suse.com/1177353"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177397",
        "url": "https://bugzilla.suse.com/1177397"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177666",
        "url": "https://bugzilla.suse.com/1177666"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177703",
        "url": "https://bugzilla.suse.com/1177703"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177820",
        "url": "https://bugzilla.suse.com/1177820"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178123",
        "url": "https://bugzilla.suse.com/1178123"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178182",
        "url": "https://bugzilla.suse.com/1178182"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178227",
        "url": "https://bugzilla.suse.com/1178227"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178286",
        "url": "https://bugzilla.suse.com/1178286"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178304",
        "url": "https://bugzilla.suse.com/1178304"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178330",
        "url": "https://bugzilla.suse.com/1178330"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178393",
        "url": "https://bugzilla.suse.com/1178393"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178401",
        "url": "https://bugzilla.suse.com/1178401"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178426",
        "url": "https://bugzilla.suse.com/1178426"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178461",
        "url": "https://bugzilla.suse.com/1178461"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178579",
        "url": "https://bugzilla.suse.com/1178579"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178581",
        "url": "https://bugzilla.suse.com/1178581"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178584",
        "url": "https://bugzilla.suse.com/1178584"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178585",
        "url": "https://bugzilla.suse.com/1178585"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178589",
        "url": "https://bugzilla.suse.com/1178589"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178591",
        "url": "https://bugzilla.suse.com/1178591"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178635",
        "url": "https://bugzilla.suse.com/1178635"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178653",
        "url": "https://bugzilla.suse.com/1178653"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178659",
        "url": "https://bugzilla.suse.com/1178659"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178661",
        "url": "https://bugzilla.suse.com/1178661"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178669",
        "url": "https://bugzilla.suse.com/1178669"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178686",
        "url": "https://bugzilla.suse.com/1178686"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178740",
        "url": "https://bugzilla.suse.com/1178740"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178755",
        "url": "https://bugzilla.suse.com/1178755"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178762",
        "url": "https://bugzilla.suse.com/1178762"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178838",
        "url": "https://bugzilla.suse.com/1178838"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178853",
        "url": "https://bugzilla.suse.com/1178853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178886",
        "url": "https://bugzilla.suse.com/1178886"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179001",
        "url": "https://bugzilla.suse.com/1179001"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179012",
        "url": "https://bugzilla.suse.com/1179012"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179014",
        "url": "https://bugzilla.suse.com/1179014"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179015",
        "url": "https://bugzilla.suse.com/1179015"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179045",
        "url": "https://bugzilla.suse.com/1179045"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179076",
        "url": "https://bugzilla.suse.com/1179076"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179082",
        "url": "https://bugzilla.suse.com/1179082"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179107",
        "url": "https://bugzilla.suse.com/1179107"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179140",
        "url": "https://bugzilla.suse.com/1179140"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179141",
        "url": "https://bugzilla.suse.com/1179141"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179160",
        "url": "https://bugzilla.suse.com/1179160"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179201",
        "url": "https://bugzilla.suse.com/1179201"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179211",
        "url": "https://bugzilla.suse.com/1179211"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179217",
        "url": "https://bugzilla.suse.com/1179217"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179419",
        "url": "https://bugzilla.suse.com/1179419"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179424",
        "url": "https://bugzilla.suse.com/1179424"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179425",
        "url": "https://bugzilla.suse.com/1179425"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179426",
        "url": "https://bugzilla.suse.com/1179426"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179427",
        "url": "https://bugzilla.suse.com/1179427"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179429",
        "url": "https://bugzilla.suse.com/1179429"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179432",
        "url": "https://bugzilla.suse.com/1179432"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179442",
        "url": "https://bugzilla.suse.com/1179442"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179550",
        "url": "https://bugzilla.suse.com/1179550"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179802",
        "url": "https://bugzilla.suse.com/1179802"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-15436 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-15436/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-15437 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-15437/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25668 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25668/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25669 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25669/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25704 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27777 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27777/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28368 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28368/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28915 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28915/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28941 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28941/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28974 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28974/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29369 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29369/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29371 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29371/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-4788 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-4788/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8694 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2020-12-08T17:34:50Z",
      "generator": {
        "date": "2020-12-08T17:34:50Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3713-1",
      "initial_release_date": "2020-12-08T17:34:50Z",
      "revision_history": [
        {
          "date": "2020-12-08T17:34:50Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-azure-5.3.18-18.29.1.noarch",
                "product": {
                  "name": "kernel-devel-azure-5.3.18-18.29.1.noarch",
                  "product_id": "kernel-devel-azure-5.3.18-18.29.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-azure-5.3.18-18.29.1.noarch",
                "product": {
                  "name": "kernel-source-azure-5.3.18-18.29.1.noarch",
                  "product_id": "kernel-source-azure-5.3.18-18.29.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cluster-md-kmp-azure-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "cluster-md-kmp-azure-5.3.18-18.29.1.x86_64",
                  "product_id": "cluster-md-kmp-azure-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-azure-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "dlm-kmp-azure-5.3.18-18.29.1.x86_64",
                  "product_id": "dlm-kmp-azure-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-azure-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "gfs2-kmp-azure-5.3.18-18.29.1.x86_64",
                  "product_id": "gfs2-kmp-azure-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-azure-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "kernel-azure-5.3.18-18.29.1.x86_64",
                  "product_id": "kernel-azure-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-azure-devel-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "kernel-azure-devel-5.3.18-18.29.1.x86_64",
                  "product_id": "kernel-azure-devel-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-azure-extra-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "kernel-azure-extra-5.3.18-18.29.1.x86_64",
                  "product_id": "kernel-azure-extra-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-azure-livepatch-devel-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "kernel-azure-livepatch-devel-5.3.18-18.29.1.x86_64",
                  "product_id": "kernel-azure-livepatch-devel-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-azure-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "kernel-syms-azure-5.3.18-18.29.1.x86_64",
                  "product_id": "kernel-syms-azure-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kselftests-kmp-azure-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "kselftests-kmp-azure-5.3.18-18.29.1.x86_64",
                  "product_id": "kselftests-kmp-azure-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-azure-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "ocfs2-kmp-azure-5.3.18-18.29.1.x86_64",
                  "product_id": "ocfs2-kmp-azure-5.3.18-18.29.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "reiserfs-kmp-azure-5.3.18-18.29.1.x86_64",
                "product": {
                  "name": "reiserfs-kmp-azure-5.3.18-18.29.1.x86_64",
                  "product_id": "reiserfs-kmp-azure-5.3.18-18.29.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-azure-5.3.18-18.29.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64"
        },
        "product_reference": "kernel-azure-5.3.18-18.29.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-azure-devel-5.3.18-18.29.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64"
        },
        "product_reference": "kernel-azure-devel-5.3.18-18.29.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-azure-5.3.18-18.29.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch"
        },
        "product_reference": "kernel-devel-azure-5.3.18-18.29.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-azure-5.3.18-18.29.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch"
        },
        "product_reference": "kernel-source-azure-5.3.18-18.29.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-azure-5.3.18-18.29.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        },
        "product_reference": "kernel-syms-azure-5.3.18-18.29.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-15436",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-15436"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-15436",
          "url": "https://www.suse.com/security/cve/CVE-2020-15436"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179141 for CVE-2020-15436",
          "url": "https://bugzilla.suse.com/1179141"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-15436"
    },
    {
      "cve": "CVE-2020-15437",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-15437"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p-\u003eserial_in pointer which uninitialized.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-15437",
          "url": "https://www.suse.com/security/cve/CVE-2020-15437"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179140 for CVE-2020-15437",
          "url": "https://bugzilla.suse.com/1179140"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-15437"
    },
    {
      "cve": "CVE-2020-25668",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25668"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25668",
          "url": "https://www.suse.com/security/cve/CVE-2020-25668"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178123 for CVE-2020-25668",
          "url": "https://bugzilla.suse.com/1178123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178622 for CVE-2020-25668",
          "url": "https://bugzilla.suse.com/1178622"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196914 for CVE-2020-25668",
          "url": "https://bugzilla.suse.com/1196914"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25668"
    },
    {
      "cve": "CVE-2020-25669",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25669"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25669",
          "url": "https://www.suse.com/security/cve/CVE-2020-25669"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178182 for CVE-2020-25669",
          "url": "https://bugzilla.suse.com/1178182"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25669"
    },
    {
      "cve": "CVE-2020-25704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25704",
          "url": "https://www.suse.com/security/cve/CVE-2020-25704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178393 for CVE-2020-25704",
          "url": "https://bugzilla.suse.com/1178393"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25704"
    },
    {
      "cve": "CVE-2020-27777",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27777"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27777",
          "url": "https://www.suse.com/security/cve/CVE-2020-27777"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179107 for CVE-2020-27777",
          "url": "https://bugzilla.suse.com/1179107"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179419 for CVE-2020-27777",
          "url": "https://bugzilla.suse.com/1179419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200343 for CVE-2020-27777",
          "url": "https://bugzilla.suse.com/1200343"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220060 for CVE-2020-27777",
          "url": "https://bugzilla.suse.com/1220060"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-27777"
    },
    {
      "cve": "CVE-2020-28368",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28368"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a \"Platypus\" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28368",
          "url": "https://www.suse.com/security/cve/CVE-2020-28368"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-28368",
          "url": "https://bugzilla.suse.com/1178591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2020-28368",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-28368"
    },
    {
      "cve": "CVE-2020-28915",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28915"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28915",
          "url": "https://www.suse.com/security/cve/CVE-2020-28915"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178886 for CVE-2020-28915",
          "url": "https://bugzilla.suse.com/1178886"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-28915"
    },
    {
      "cve": "CVE-2020-28941",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28941"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28941",
          "url": "https://www.suse.com/security/cve/CVE-2020-28941"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178740 for CVE-2020-28941",
          "url": "https://bugzilla.suse.com/1178740"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-28941"
    },
    {
      "cve": "CVE-2020-28974",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28974"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28974",
          "url": "https://www.suse.com/security/cve/CVE-2020-28974"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178589 for CVE-2020-28974",
          "url": "https://bugzilla.suse.com/1178589"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-28974"
    },
    {
      "cve": "CVE-2020-29369",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29369"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29369",
          "url": "https://www.suse.com/security/cve/CVE-2020-29369"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173504 for CVE-2020-29369",
          "url": "https://bugzilla.suse.com/1173504"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179432 for CVE-2020-29369",
          "url": "https://bugzilla.suse.com/1179432"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179646 for CVE-2020-29369",
          "url": "https://bugzilla.suse.com/1179646"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182109 for CVE-2020-29369",
          "url": "https://bugzilla.suse.com/1182109"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-29369"
    },
    {
      "cve": "CVE-2020-29371",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29371"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29371",
          "url": "https://www.suse.com/security/cve/CVE-2020-29371"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179429 for CVE-2020-29371",
          "url": "https://bugzilla.suse.com/1179429"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-29371"
    },
    {
      "cve": "CVE-2020-4788",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-4788"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-4788",
          "url": "https://www.suse.com/security/cve/CVE-2020-4788"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177666 for CVE-2020-4788",
          "url": "https://bugzilla.suse.com/1177666"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181158 for CVE-2020-4788",
          "url": "https://bugzilla.suse.com/1181158"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-4788"
    },
    {
      "cve": "CVE-2020-8694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8694",
          "url": "https://www.suse.com/security/cve/CVE-2020-8694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178700 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179661 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1179661"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
          "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-azure-devel-5.3.18-18.29.1.x86_64",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-devel-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-source-azure-5.3.18-18.29.1.noarch",
            "SUSE Linux Enterprise Module for Public Cloud 15 SP2:kernel-syms-azure-5.3.18-18.29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:34:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for docker-stable",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for docker-stable fixes the following issues:\n\n- Include historical changelog data from before the docker-stable fork. The\n  initial changelog entry did technically provide all the necessary\n  information, but our CVE tracking tools do not understand how the package is\n  forked and so it seems that this package does not include fixes for ~12 years\n  of updates. So, include a copy of the original package\u0027s changelog up until\n  the fork point. (bsc#1250596)\n\n- Remove git-core recommends on SLE. Most SLE systems have\n  installRecommends=yes by default and thus end up installing git with Docker.\n  bsc#1250508\n\n  This feature is mostly intended for developers (\u0027docker build git://\u0027) so\n  most users already have the dependency installed, and the error when git is\n  missing is fairly straightforward (so they can easily figure out what they\n  need to install).\n\n- Backport \u003chttps://github.com/moby/moby/pull/48517\u003e. bsc#1247362\n\n- Update to docker-buildx v0.25.0. Upstream changelog:\n  \u003chttps://github.com/docker/buildx/releases/tag/v0.25.0\u003e\n\n- Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as\n  Docker does not have permission to access the host zypper credentials in this\n  mode (and unprivileged users cannot disable the feature using\n  /etc/docker/suse-secrets-enable.) bsc#1240150\n\n- Initial docker-stable fork, forked from Docker 24.0.7-ce release\n  (packaged on 2024-02-14). The original changelog is included below for\n  historical reference.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-3540,SUSE-SLE-SERVER-12-SP5-LTSS-2025-3540,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3540",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03540-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:03540-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503540-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:03540-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042077.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1001161",
        "url": "https://bugzilla.suse.com/1001161"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1004490",
        "url": "https://bugzilla.suse.com/1004490"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007249",
        "url": "https://bugzilla.suse.com/1007249"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1009961",
        "url": "https://bugzilla.suse.com/1009961"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1012568",
        "url": "https://bugzilla.suse.com/1012568"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1015661",
        "url": "https://bugzilla.suse.com/1015661"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1016307",
        "url": "https://bugzilla.suse.com/1016307"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1016992",
        "url": "https://bugzilla.suse.com/1016992"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1019251",
        "url": "https://bugzilla.suse.com/1019251"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1020806",
        "url": "https://bugzilla.suse.com/1020806"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021227",
        "url": "https://bugzilla.suse.com/1021227"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1026827",
        "url": "https://bugzilla.suse.com/1026827"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1028638",
        "url": "https://bugzilla.suse.com/1028638"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1028639",
        "url": "https://bugzilla.suse.com/1028639"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1029320",
        "url": "https://bugzilla.suse.com/1029320"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1029630",
        "url": "https://bugzilla.suse.com/1029630"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1030702",
        "url": "https://bugzilla.suse.com/1030702"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1032287",
        "url": "https://bugzilla.suse.com/1032287"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1032644",
        "url": "https://bugzilla.suse.com/1032644"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1034053",
        "url": "https://bugzilla.suse.com/1034053"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1034063",
        "url": "https://bugzilla.suse.com/1034063"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1037436",
        "url": "https://bugzilla.suse.com/1037436"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1037607",
        "url": "https://bugzilla.suse.com/1037607"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038476",
        "url": "https://bugzilla.suse.com/1038476"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038493",
        "url": "https://bugzilla.suse.com/1038493"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1045628",
        "url": "https://bugzilla.suse.com/1045628"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1046024",
        "url": "https://bugzilla.suse.com/1046024"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1047218",
        "url": "https://bugzilla.suse.com/1047218"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1048046",
        "url": "https://bugzilla.suse.com/1048046"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1051429",
        "url": "https://bugzilla.suse.com/1051429"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1055676",
        "url": "https://bugzilla.suse.com/1055676"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1057743",
        "url": "https://bugzilla.suse.com/1057743"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1058173",
        "url": "https://bugzilla.suse.com/1058173"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1059011",
        "url": "https://bugzilla.suse.com/1059011"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1064781",
        "url": "https://bugzilla.suse.com/1064781"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1065609",
        "url": "https://bugzilla.suse.com/1065609"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1066210",
        "url": "https://bugzilla.suse.com/1066210"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1066801",
        "url": "https://bugzilla.suse.com/1066801"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1069468",
        "url": "https://bugzilla.suse.com/1069468"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1069758",
        "url": "https://bugzilla.suse.com/1069758"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1072798",
        "url": "https://bugzilla.suse.com/1072798"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1073877",
        "url": "https://bugzilla.suse.com/1073877"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1074971",
        "url": "https://bugzilla.suse.com/1074971"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1080978",
        "url": "https://bugzilla.suse.com/1080978"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1084533",
        "url": "https://bugzilla.suse.com/1084533"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1085117",
        "url": "https://bugzilla.suse.com/1085117"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1085380",
        "url": "https://bugzilla.suse.com/1085380"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1086185",
        "url": "https://bugzilla.suse.com/1086185"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1089732",
        "url": "https://bugzilla.suse.com/1089732"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1095817",
        "url": "https://bugzilla.suse.com/1095817"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1096726",
        "url": "https://bugzilla.suse.com/1096726"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099277",
        "url": "https://bugzilla.suse.com/1099277"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100331",
        "url": "https://bugzilla.suse.com/1100331"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100727",
        "url": "https://bugzilla.suse.com/1100727"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102522",
        "url": "https://bugzilla.suse.com/1102522"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1104821",
        "url": "https://bugzilla.suse.com/1104821"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1105000",
        "url": "https://bugzilla.suse.com/1105000"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1108038",
        "url": "https://bugzilla.suse.com/1108038"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112980",
        "url": "https://bugzilla.suse.com/1112980"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113313",
        "url": "https://bugzilla.suse.com/1113313"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1114832",
        "url": "https://bugzilla.suse.com/1114832"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1115464",
        "url": "https://bugzilla.suse.com/1115464"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1118897",
        "url": "https://bugzilla.suse.com/1118897"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1118898",
        "url": "https://bugzilla.suse.com/1118898"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1118899",
        "url": "https://bugzilla.suse.com/1118899"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1118990",
        "url": "https://bugzilla.suse.com/1118990"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1119634",
        "url": "https://bugzilla.suse.com/1119634"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1121412",
        "url": "https://bugzilla.suse.com/1121412"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1121768",
        "url": "https://bugzilla.suse.com/1121768"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1122469",
        "url": "https://bugzilla.suse.com/1122469"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124308",
        "url": "https://bugzilla.suse.com/1124308"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1128376",
        "url": "https://bugzilla.suse.com/1128376"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1128746",
        "url": "https://bugzilla.suse.com/1128746"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1134068",
        "url": "https://bugzilla.suse.com/1134068"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1138920",
        "url": "https://bugzilla.suse.com/1138920"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1139649",
        "url": "https://bugzilla.suse.com/1139649"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142160",
        "url": "https://bugzilla.suse.com/1142160"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142413",
        "url": "https://bugzilla.suse.com/1142413"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1143349",
        "url": "https://bugzilla.suse.com/1143349"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1150397",
        "url": "https://bugzilla.suse.com/1150397"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1153367",
        "url": "https://bugzilla.suse.com/1153367"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157330",
        "url": "https://bugzilla.suse.com/1157330"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1158590",
        "url": "https://bugzilla.suse.com/1158590"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170415",
        "url": "https://bugzilla.suse.com/1170415"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172377",
        "url": "https://bugzilla.suse.com/1172377"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174075",
        "url": "https://bugzilla.suse.com/1174075"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175081",
        "url": "https://bugzilla.suse.com/1175081"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176708",
        "url": "https://bugzilla.suse.com/1176708"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178760",
        "url": "https://bugzilla.suse.com/1178760"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178801",
        "url": "https://bugzilla.suse.com/1178801"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180243",
        "url": "https://bugzilla.suse.com/1180243"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180401",
        "url": "https://bugzilla.suse.com/1180401"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181594",
        "url": "https://bugzilla.suse.com/1181594"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181641",
        "url": "https://bugzilla.suse.com/1181641"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181677",
        "url": "https://bugzilla.suse.com/1181677"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181730",
        "url": "https://bugzilla.suse.com/1181730"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181732",
        "url": "https://bugzilla.suse.com/1181732"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182168",
        "url": "https://bugzilla.suse.com/1182168"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182476",
        "url": "https://bugzilla.suse.com/1182476"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1182947",
        "url": "https://bugzilla.suse.com/1182947"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183855",
        "url": "https://bugzilla.suse.com/1183855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1184768",
        "url": "https://bugzilla.suse.com/1184768"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188447",
        "url": "https://bugzilla.suse.com/1188447"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1190670",
        "url": "https://bugzilla.suse.com/1190670"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191015",
        "url": "https://bugzilla.suse.com/1191015"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191121",
        "url": "https://bugzilla.suse.com/1191121"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191334",
        "url": "https://bugzilla.suse.com/1191334"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191355",
        "url": "https://bugzilla.suse.com/1191355"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191434",
        "url": "https://bugzilla.suse.com/1191434"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1192814",
        "url": "https://bugzilla.suse.com/1192814"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193273",
        "url": "https://bugzilla.suse.com/1193273"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193930",
        "url": "https://bugzilla.suse.com/1193930"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1197284",
        "url": "https://bugzilla.suse.com/1197284"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1197517",
        "url": "https://bugzilla.suse.com/1197517"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200022",
        "url": "https://bugzilla.suse.com/1200022"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200145",
        "url": "https://bugzilla.suse.com/1200145"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205375",
        "url": "https://bugzilla.suse.com/1205375"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206065",
        "url": "https://bugzilla.suse.com/1206065"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208074",
        "url": "https://bugzilla.suse.com/1208074"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210141",
        "url": "https://bugzilla.suse.com/1210141"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210797",
        "url": "https://bugzilla.suse.com/1210797"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1211578",
        "url": "https://bugzilla.suse.com/1211578"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1212368",
        "url": "https://bugzilla.suse.com/1212368"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213120",
        "url": "https://bugzilla.suse.com/1213120"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213229",
        "url": "https://bugzilla.suse.com/1213229"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213500",
        "url": "https://bugzilla.suse.com/1213500"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1214107",
        "url": "https://bugzilla.suse.com/1214107"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1214108",
        "url": "https://bugzilla.suse.com/1214108"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1214109",
        "url": "https://bugzilla.suse.com/1214109"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1215323",
        "url": "https://bugzilla.suse.com/1215323"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1217513",
        "url": "https://bugzilla.suse.com/1217513"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1219267",
        "url": "https://bugzilla.suse.com/1219267"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1219268",
        "url": "https://bugzilla.suse.com/1219268"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1219438",
        "url": "https://bugzilla.suse.com/1219438"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1240150",
        "url": "https://bugzilla.suse.com/1240150"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1247362",
        "url": "https://bugzilla.suse.com/1247362"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1250508",
        "url": "https://bugzilla.suse.com/1250508"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1250596",
        "url": "https://bugzilla.suse.com/1250596"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 885209",
        "url": "https://bugzilla.suse.com/885209"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 907012",
        "url": "https://bugzilla.suse.com/907012"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 907014",
        "url": "https://bugzilla.suse.com/907014"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 908033",
        "url": "https://bugzilla.suse.com/908033"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 909709",
        "url": "https://bugzilla.suse.com/909709"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 909710",
        "url": "https://bugzilla.suse.com/909710"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 909712",
        "url": "https://bugzilla.suse.com/909712"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 913211",
        "url": "https://bugzilla.suse.com/913211"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 913213",
        "url": "https://bugzilla.suse.com/913213"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 920645",
        "url": "https://bugzilla.suse.com/920645"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 930235",
        "url": "https://bugzilla.suse.com/930235"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 931301",
        "url": "https://bugzilla.suse.com/931301"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 935570",
        "url": "https://bugzilla.suse.com/935570"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 938156",
        "url": "https://bugzilla.suse.com/938156"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 942369",
        "url": "https://bugzilla.suse.com/942369"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 942370",
        "url": "https://bugzilla.suse.com/942370"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 946653",
        "url": "https://bugzilla.suse.com/946653"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 949660",
        "url": "https://bugzilla.suse.com/949660"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 950931",
        "url": "https://bugzilla.suse.com/950931"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 953182",
        "url": "https://bugzilla.suse.com/953182"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 954737",
        "url": "https://bugzilla.suse.com/954737"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 954797",
        "url": "https://bugzilla.suse.com/954797"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 954812",
        "url": "https://bugzilla.suse.com/954812"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 956434",
        "url": "https://bugzilla.suse.com/956434"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 958255",
        "url": "https://bugzilla.suse.com/958255"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 959405",
        "url": "https://bugzilla.suse.com/959405"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 963142",
        "url": "https://bugzilla.suse.com/963142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 964468",
        "url": "https://bugzilla.suse.com/964468"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 964673",
        "url": "https://bugzilla.suse.com/964673"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 965600",
        "url": "https://bugzilla.suse.com/965600"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 965918",
        "url": "https://bugzilla.suse.com/965918"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 968933",
        "url": "https://bugzilla.suse.com/968933"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 968972",
        "url": "https://bugzilla.suse.com/968972"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970637",
        "url": "https://bugzilla.suse.com/970637"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 974208",
        "url": "https://bugzilla.suse.com/974208"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 976777",
        "url": "https://bugzilla.suse.com/976777"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 977394",
        "url": "https://bugzilla.suse.com/977394"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 978260",
        "url": "https://bugzilla.suse.com/978260"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980555",
        "url": "https://bugzilla.suse.com/980555"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 983015",
        "url": "https://bugzilla.suse.com/983015"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 984942",
        "url": "https://bugzilla.suse.com/984942"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 987198",
        "url": "https://bugzilla.suse.com/987198"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 988408",
        "url": "https://bugzilla.suse.com/988408"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 988707",
        "url": "https://bugzilla.suse.com/988707"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 989566",
        "url": "https://bugzilla.suse.com/989566"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 993847",
        "url": "https://bugzilla.suse.com/993847"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 995058",
        "url": "https://bugzilla.suse.com/995058"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 995102",
        "url": "https://bugzilla.suse.com/995102"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 995620",
        "url": "https://bugzilla.suse.com/995620"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 996015",
        "url": "https://bugzilla.suse.com/996015"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 999582",
        "url": "https://bugzilla.suse.com/999582"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-3499 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-3499/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-5277 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-5277/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-6407 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-6407/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-6408 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-6408/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8178 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8178/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8179 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8179/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9356 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9356/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9357 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9357/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9358 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9358/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3627 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3627/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3629 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3629/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3630 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3630/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3631 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3631/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3697 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3697/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8867 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8867/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9962 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9962/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-14992 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-14992/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16539 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16539/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10892 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10892/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-15664 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-15664/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16873 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16873/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16874 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16874/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16875 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16875/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20699 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20699/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13509 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13509/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14271 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14271/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12912 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12912/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-13401 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-13401/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-15257 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-15257/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8694 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-21284 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-21284/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-21285 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-21285/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41089 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41089/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41091 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41091/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41092 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41092/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41103 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41103/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41190 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41190/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-43565 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-43565/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-24769 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-24769/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-27191 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-27191/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-36109 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-36109/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-28840 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-28840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-28841 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-28841/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-28842 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-28842/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-23650 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-23650/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-23651 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-23651/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-23652 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-23652/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-23653 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-23653/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-29018 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-29018/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-41110 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-41110/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22868 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22868/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22869 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22869/"
      }
    ],
    "title": "Security update for docker-stable",
    "tracking": {
      "current_release_date": "2025-10-10T19:04:02Z",
      "generator": {
        "date": "2025-10-10T19:04:02Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:03540-1",
      "initial_release_date": "2025-10-10T19:04:02Z",
      "revision_history": [
        {
          "date": "2025-10-10T19:04:02Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.20.1.aarch64",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.20.1.aarch64",
                  "product_id": "docker-stable-24.0.9_ce-1.20.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.20.1.i586",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.20.1.i586",
                  "product_id": "docker-stable-24.0.9_ce-1.20.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
                "product": {
                  "name": "docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
                  "product_id": "docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-stable-fish-completion-24.0.9_ce-1.20.1.noarch",
                "product": {
                  "name": "docker-stable-fish-completion-24.0.9_ce-1.20.1.noarch",
                  "product_id": "docker-stable-fish-completion-24.0.9_ce-1.20.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-stable-rootless-extras-24.0.9_ce-1.20.1.noarch",
                "product": {
                  "name": "docker-stable-rootless-extras-24.0.9_ce-1.20.1.noarch",
                  "product_id": "docker-stable-rootless-extras-24.0.9_ce-1.20.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-stable-zsh-completion-24.0.9_ce-1.20.1.noarch",
                "product": {
                  "name": "docker-stable-zsh-completion-24.0.9_ce-1.20.1.noarch",
                  "product_id": "docker-stable-zsh-completion-24.0.9_ce-1.20.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.20.1.ppc64le",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.20.1.ppc64le",
                  "product_id": "docker-stable-24.0.9_ce-1.20.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.20.1.s390x",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.20.1.s390x",
                  "product_id": "docker-stable-24.0.9_ce-1.20.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-stable-24.0.9_ce-1.20.1.x86_64",
                "product": {
                  "name": "docker-stable-24.0.9_ce-1.20.1.x86_64",
                  "product_id": "docker-stable-24.0.9_ce-1.20.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.20.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.20.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.20.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.20.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.20.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.20.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        },
        "product_reference": "docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-24.0.9_ce-1.20.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64"
        },
        "product_reference": "docker-stable-24.0.9_ce-1.20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        },
        "product_reference": "docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-3499",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-3499"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-3499",
          "url": "https://www.suse.com/security/cve/CVE-2014-3499"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 885209 for CVE-2014-3499",
          "url": "https://bugzilla.suse.com/885209"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-3499"
    },
    {
      "cve": "CVE-2014-5277",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-5277"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-5277",
          "url": "https://www.suse.com/security/cve/CVE-2014-5277"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 904165 for CVE-2014-5277",
          "url": "https://bugzilla.suse.com/904165"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-5277"
    },
    {
      "cve": "CVE-2014-6407",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-6407"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-6407",
          "url": "https://www.suse.com/security/cve/CVE-2014-6407"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 907012 for CVE-2014-6407",
          "url": "https://bugzilla.suse.com/907012"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-6407"
    },
    {
      "cve": "CVE-2014-6408",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-6408"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-6408",
          "url": "https://www.suse.com/security/cve/CVE-2014-6408"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 907014 for CVE-2014-6408",
          "url": "https://bugzilla.suse.com/907014"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-6408"
    },
    {
      "cve": "CVE-2014-8178",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8178"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8178",
          "url": "https://www.suse.com/security/cve/CVE-2014-8178"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 949660 for CVE-2014-8178",
          "url": "https://bugzilla.suse.com/949660"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-8178"
    },
    {
      "cve": "CVE-2014-8179",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8179"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8179",
          "url": "https://www.suse.com/security/cve/CVE-2014-8179"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 949660 for CVE-2014-8179",
          "url": "https://bugzilla.suse.com/949660"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-8179"
    },
    {
      "cve": "CVE-2014-9356",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9356"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9356",
          "url": "https://www.suse.com/security/cve/CVE-2014-9356"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 909710 for CVE-2014-9356",
          "url": "https://bugzilla.suse.com/909710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 909712 for CVE-2014-9356",
          "url": "https://bugzilla.suse.com/909712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 909747 for CVE-2014-9356",
          "url": "https://bugzilla.suse.com/909747"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-9356"
    },
    {
      "cve": "CVE-2014-9357",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9357"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9357",
          "url": "https://www.suse.com/security/cve/CVE-2014-9357"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 909710 for CVE-2014-9357",
          "url": "https://bugzilla.suse.com/909710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 909747 for CVE-2014-9357",
          "url": "https://bugzilla.suse.com/909747"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-9357"
    },
    {
      "cve": "CVE-2014-9358",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9358"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) \"docker load\" operation or (2) \"registry communications.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9358",
          "url": "https://www.suse.com/security/cve/CVE-2014-9358"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 909709 for CVE-2014-9358",
          "url": "https://bugzilla.suse.com/909709"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 909747 for CVE-2014-9358",
          "url": "https://bugzilla.suse.com/909747"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-9358"
    },
    {
      "cve": "CVE-2015-3627",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3627"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3627",
          "url": "https://www.suse.com/security/cve/CVE-2015-3627"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 930235 for CVE-2015-3627",
          "url": "https://bugzilla.suse.com/930235"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945060 for CVE-2015-3627",
          "url": "https://bugzilla.suse.com/945060"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-3627"
    },
    {
      "cve": "CVE-2015-3629",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3629"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization (\"mount namespace breakout\") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3629",
          "url": "https://www.suse.com/security/cve/CVE-2015-3629"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 930235 for CVE-2015-3629",
          "url": "https://bugzilla.suse.com/930235"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945060 for CVE-2015-3629",
          "url": "https://bugzilla.suse.com/945060"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-3629"
    },
    {
      "cve": "CVE-2015-3630",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3630"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3630",
          "url": "https://www.suse.com/security/cve/CVE-2015-3630"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 930235 for CVE-2015-3630",
          "url": "https://bugzilla.suse.com/930235"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945060 for CVE-2015-3630",
          "url": "https://bugzilla.suse.com/945060"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-3630"
    },
    {
      "cve": "CVE-2015-3631",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3631"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3631",
          "url": "https://www.suse.com/security/cve/CVE-2015-3631"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 930235 for CVE-2015-3631",
          "url": "https://bugzilla.suse.com/930235"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945060 for CVE-2015-3631",
          "url": "https://bugzilla.suse.com/945060"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3631"
    },
    {
      "cve": "CVE-2016-3697",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3697"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3697",
          "url": "https://www.suse.com/security/cve/CVE-2016-3697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 976777 for CVE-2016-3697",
          "url": "https://bugzilla.suse.com/976777"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-3697"
    },
    {
      "cve": "CVE-2016-8867",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8867"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8867",
          "url": "https://www.suse.com/security/cve/CVE-2016-8867"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007249 for CVE-2016-8867",
          "url": "https://bugzilla.suse.com/1007249"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-8867"
    },
    {
      "cve": "CVE-2016-9962",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9962"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "RunC allowed additional container processes via \u0027runc exec\u0027 to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9962",
          "url": "https://www.suse.com/security/cve/CVE-2016-9962"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1012568 for CVE-2016-9962",
          "url": "https://bugzilla.suse.com/1012568"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173425 for CVE-2016-9962",
          "url": "https://bugzilla.suse.com/1173425"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9962"
    },
    {
      "cve": "CVE-2017-14992",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-14992"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-14992",
          "url": "https://www.suse.com/security/cve/CVE-2017-14992"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066210 for CVE-2017-14992",
          "url": "https://bugzilla.suse.com/1066210"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-14992"
    },
    {
      "cve": "CVE-2017-16539",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16539"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a \"scsi remove-single-device\" line to /proc/scsi/scsi, aka SCSI MICDROP.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16539",
          "url": "https://www.suse.com/security/cve/CVE-2017-16539"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066801 for CVE-2017-16539",
          "url": "https://bugzilla.suse.com/1066801"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16539"
    },
    {
      "cve": "CVE-2018-10892",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10892"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host\u0027s hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10892",
          "url": "https://www.suse.com/security/cve/CVE-2018-10892"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100331 for CVE-2018-10892",
          "url": "https://bugzilla.suse.com/1100331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100838 for CVE-2018-10892",
          "url": "https://bugzilla.suse.com/1100838"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10892"
    },
    {
      "cve": "CVE-2018-15664",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-15664"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-15664",
          "url": "https://www.suse.com/security/cve/CVE-2018-15664"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1096726 for CVE-2018-15664",
          "url": "https://bugzilla.suse.com/1096726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1139649 for CVE-2018-15664",
          "url": "https://bugzilla.suse.com/1139649"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-15664"
    },
    {
      "cve": "CVE-2018-16873",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16873"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16873",
          "url": "https://www.suse.com/security/cve/CVE-2018-16873"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118897 for CVE-2018-16873",
          "url": "https://bugzilla.suse.com/1118897"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118898 for CVE-2018-16873",
          "url": "https://bugzilla.suse.com/1118898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118899 for CVE-2018-16873",
          "url": "https://bugzilla.suse.com/1118899"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-16873"
    },
    {
      "cve": "CVE-2018-16874",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16874"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16874",
          "url": "https://www.suse.com/security/cve/CVE-2018-16874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118897 for CVE-2018-16874",
          "url": "https://bugzilla.suse.com/1118897"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118898 for CVE-2018-16874",
          "url": "https://bugzilla.suse.com/1118898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118899 for CVE-2018-16874",
          "url": "https://bugzilla.suse.com/1118899"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-16874"
    },
    {
      "cve": "CVE-2018-16875",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16875"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16875",
          "url": "https://www.suse.com/security/cve/CVE-2018-16875"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118897 for CVE-2018-16875",
          "url": "https://bugzilla.suse.com/1118897"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118898 for CVE-2018-16875",
          "url": "https://bugzilla.suse.com/1118898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118899 for CVE-2018-16875",
          "url": "https://bugzilla.suse.com/1118899"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-16875"
    },
    {
      "cve": "CVE-2018-20699",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20699"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20699",
          "url": "https://www.suse.com/security/cve/CVE-2018-20699"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1121768 for CVE-2018-20699",
          "url": "https://bugzilla.suse.com/1121768"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-20699"
    },
    {
      "cve": "CVE-2019-13509",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13509"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13509",
          "url": "https://www.suse.com/security/cve/CVE-2019-13509"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142160 for CVE-2019-13509",
          "url": "https://bugzilla.suse.com/1142160"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-13509"
    },
    {
      "cve": "CVE-2019-14271",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14271"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14271",
          "url": "https://www.suse.com/security/cve/CVE-2019-14271"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1143409 for CVE-2019-14271",
          "url": "https://bugzilla.suse.com/1143409"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-14271"
    },
    {
      "cve": "CVE-2020-12912",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12912"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potential vulnerability in the AMD extension to Linux \"hwmon\" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12912",
          "url": "https://www.suse.com/security/cve/CVE-2020-12912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178760 for CVE-2020-12912",
          "url": "https://bugzilla.suse.com/1178760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-12912"
    },
    {
      "cve": "CVE-2020-13401",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-13401"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-13401",
          "url": "https://www.suse.com/security/cve/CVE-2020-13401"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172375 for CVE-2020-13401",
          "url": "https://bugzilla.suse.com/1172375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172377 for CVE-2020-13401",
          "url": "https://bugzilla.suse.com/1172377"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-13401"
    },
    {
      "cve": "CVE-2020-15257",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-15257"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim\u0027s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the \"host\" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container\u0027s privilege, regardless of what container runtime is used for running that container.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-15257",
          "url": "https://www.suse.com/security/cve/CVE-2020-15257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178969 for CVE-2020-15257",
          "url": "https://bugzilla.suse.com/1178969"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-15257"
    },
    {
      "cve": "CVE-2020-8694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8694",
          "url": "https://www.suse.com/security/cve/CVE-2020-8694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178700 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179661 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1179661"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2021-21284",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-21284"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using \"--userns-remap\", if the root user in the remapped namespace has access to the host filesystem they can modify files under \"/var/lib/docker/\u003cremapping\u003e\" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-21284",
          "url": "https://www.suse.com/security/cve/CVE-2021-21284"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181732 for CVE-2021-21284",
          "url": "https://bugzilla.suse.com/1181732"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-21284"
    },
    {
      "cve": "CVE-2021-21285",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-21285"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-21285",
          "url": "https://www.suse.com/security/cve/CVE-2021-21285"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181730 for CVE-2021-21285",
          "url": "https://bugzilla.suse.com/1181730"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-21285"
    },
    {
      "cve": "CVE-2021-41089",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41089"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host\u0027s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41089",
          "url": "https://www.suse.com/security/cve/CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191015 for CVE-2021-41089",
          "url": "https://bugzilla.suse.com/1191015"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191355 for CVE-2021-41089",
          "url": "https://bugzilla.suse.com/1191355"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41089"
    },
    {
      "cve": "CVE-2021-41091",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41091"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41091",
          "url": "https://www.suse.com/security/cve/CVE-2021-41091"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191355 for CVE-2021-41091",
          "url": "https://bugzilla.suse.com/1191355"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191434 for CVE-2021-41091",
          "url": "https://bugzilla.suse.com/1191434"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41091"
    },
    {
      "cve": "CVE-2021-41092",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41092"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41092",
          "url": "https://www.suse.com/security/cve/CVE-2021-41092"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191334 for CVE-2021-41092",
          "url": "https://bugzilla.suse.com/1191334"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191355 for CVE-2021-41092",
          "url": "https://bugzilla.suse.com/1191355"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41092"
    },
    {
      "cve": "CVE-2021-41103",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41103"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41103",
          "url": "https://www.suse.com/security/cve/CVE-2021-41103"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191121 for CVE-2021-41103",
          "url": "https://bugzilla.suse.com/1191121"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191355 for CVE-2021-41103",
          "url": "https://bugzilla.suse.com/1191355"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41103"
    },
    {
      "cve": "CVE-2021-41190",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41190"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both \"manifests\" and \"layers\" fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both \"manifests\" and \"layers\" fields or \"manifests\" and \"config\" fields if they are unable to update to version 1.0.1 of the spec.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41190",
          "url": "https://www.suse.com/security/cve/CVE-2021-41190"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193273 for CVE-2021-41190",
          "url": "https://bugzilla.suse.com/1193273"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41190"
    },
    {
      "cve": "CVE-2021-43565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-43565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-43565",
          "url": "https://www.suse.com/security/cve/CVE-2021-43565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193930 for CVE-2021-43565",
          "url": "https://bugzilla.suse.com/1193930"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-43565"
    },
    {
      "cve": "CVE-2022-24769",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-24769"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container\u0027s bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container\u0027s bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-24769",
          "url": "https://www.suse.com/security/cve/CVE-2022-24769"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197517 for CVE-2022-24769",
          "url": "https://bugzilla.suse.com/1197517"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-24769"
    },
    {
      "cve": "CVE-2022-27191",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-27191"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-27191",
          "url": "https://www.suse.com/security/cve/CVE-2022-27191"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197284 for CVE-2022-27191",
          "url": "https://bugzilla.suse.com/1197284"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-27191"
    },
    {
      "cve": "CVE-2022-36109",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-36109"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container.  This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-36109",
          "url": "https://www.suse.com/security/cve/CVE-2022-36109"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205375 for CVE-2022-36109",
          "url": "https://bugzilla.suse.com/1205375"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-36109"
    },
    {
      "cve": "CVE-2023-28840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-28840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code.\n\nThe overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet\u0027s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nTwo iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded.\n\nThe injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container\u0027s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network.\n\nPatches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime\u0027s 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\nSome workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-28840",
          "url": "https://www.suse.com/security/cve/CVE-2023-28840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214107 for CVE-2023-28840",
          "url": "https://bugzilla.suse.com/1214107"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215525 for CVE-2023-28840",
          "url": "https://bugzilla.suse.com/1215525"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-28840"
    },
    {
      "cve": "CVE-2023-28841",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-28841"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet\u0027s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nAn iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation.\n\nEncrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees.\n\nIt is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed.\n\nPatches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime\u0027s 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\nSome workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-28841",
          "url": "https://www.suse.com/security/cve/CVE-2023-28841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214108 for CVE-2023-28841",
          "url": "https://bugzilla.suse.com/1214108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215525 for CVE-2023-28841",
          "url": "https://bugzilla.suse.com/1215525"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-28841"
    },
    {
      "cve": "CVE-2023-28842",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-28842"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet\u0027s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nThe `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate.\n\nEncrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration.\n\nPatches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime\u0027s 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\nSome workarounds are available. In multi-node clusters, deploy a global \u0027pause\u0027 container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-28842",
          "url": "https://www.suse.com/security/cve/CVE-2023-28842"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214109 for CVE-2023-28842",
          "url": "https://bugzilla.suse.com/1214109"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215525 for CVE-2023-28842",
          "url": "https://bugzilla.suse.com/1215525"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-28842"
    },
    {
      "cve": "CVE-2024-23650",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-23650"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-23650",
          "url": "https://www.suse.com/security/cve/CVE-2024-23650"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219437 for CVE-2024-23650",
          "url": "https://bugzilla.suse.com/1219437"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-23650"
    },
    {
      "cve": "CVE-2024-23651",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-23651"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-23651",
          "url": "https://www.suse.com/security/cve/CVE-2024-23651"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219267 for CVE-2024-23651",
          "url": "https://bugzilla.suse.com/1219267"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-23651"
    },
    {
      "cve": "CVE-2024-23652",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-23652"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-23652",
          "url": "https://www.suse.com/security/cve/CVE-2024-23652"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219268 for CVE-2024-23652",
          "url": "https://bugzilla.suse.com/1219268"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-23652"
    },
    {
      "cve": "CVE-2024-23653",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-23653"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. \n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-23653",
          "url": "https://www.suse.com/security/cve/CVE-2024-23653"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219438 for CVE-2024-23653",
          "url": "https://bugzilla.suse.com/1219438"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-23653"
    },
    {
      "cve": "CVE-2024-29018",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-29018"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby\u0027s networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.\n\nWhen containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.\n\nContainers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.\n\nIn addition to configuring the Linux kernel\u0027s various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver.\n\nWhen a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container\u0027s network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.\n\nAs a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.\n\nMany systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host\u0027s configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected.\n\nBecause `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace\u0027s normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.\n\nDocker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.\n\nMoby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container\u0027s network namespace.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-29018",
          "url": "https://www.suse.com/security/cve/CVE-2024-29018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234089 for CVE-2024-29018",
          "url": "https://bugzilla.suse.com/1234089"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-29018"
    },
    {
      "cve": "CVE-2024-41110",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-41110"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-41110",
          "url": "https://www.suse.com/security/cve/CVE-2024-41110"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228324 for CVE-2024-41110",
          "url": "https://bugzilla.suse.com/1228324"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-41110"
    },
    {
      "cve": "CVE-2025-22868",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22868"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22868",
          "url": "https://www.suse.com/security/cve/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239185 for CVE-2025-22868",
          "url": "https://bugzilla.suse.com/1239185"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239186 for CVE-2025-22868",
          "url": "https://bugzilla.suse.com/1239186"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22868"
    },
    {
      "cve": "CVE-2025-22869",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22869"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22869",
          "url": "https://www.suse.com/security/cve/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1239322 for CVE-2025-22869",
          "url": "https://bugzilla.suse.com/1239322"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.20.1.x86_64",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.20.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-10-10T19:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22869"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode updated to 20201027 prerelease \n- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n\n# New Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  # Updated Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3274,SUSE-SLE-SERVER-12-SP5-2020-3274",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3274-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3274-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203274-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3274-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007749.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-10T19:08:17Z",
      "generator": {
        "date": "2020-11-10T19:08:17Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3274-1",
      "initial_release_date": "2020-11-10T19:08:17Z",
      "revision_history": [
        {
          "date": "2020-11-10T19:08:17Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-3.20.1.i586",
                "product": {
                  "name": "ucode-intel-20201027-3.20.1.i586",
                  "product_id": "ucode-intel-20201027-3.20.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-3.20.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201027-3.20.1.x86_64",
                  "product_id": "ucode-intel-20201027-3.20.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-3.20.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201027-3.20.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-3.20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-3.20.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201027-3.20.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-3.20.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201027-3.20.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201027-3.20.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201027-3.20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201027-3.20.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201027-3.20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201027-3.20.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-10T19:08:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201027-3.20.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201027-3.20.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201027-3.20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201027-3.20.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201027-3.20.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201027-3.20.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-10T19:08:17Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Updated Intel CPU Microcode to 20201110 official release.\n - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)\n\n- Release notes:\n  - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).\n  - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).\n  - Update for functional issues. Refer to [Second Generation Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n  - Update for functional issues. Refer to [10th Gen Intel\u00ae Core\u2122 Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n  - Update for functional issues. Refer to [8th and 9th Gen Intel\u00ae Core\u2122 Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n  - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel\u00ae Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n  - Update for functional issues. Refer to [6th Gen Intel\u00ae Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n  ### New Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | LKF            | B2/B3    | 06-8a-01/10 |          | 00000028 | Core w/Hybrid Technology\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  ### Updated Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3373,SUSE-SLE-Module-Basesystem-15-SP2-2020-3373",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3373-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3373-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203373-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3373-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007799.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173592",
        "url": "https://bugzilla.suse.com/1173592"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8696 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-19T08:27:45Z",
      "generator": {
        "date": "2020-11-19T08:27:45Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3373-1",
      "initial_release_date": "2020-11-19T08:27:45Z",
      "revision_history": [
        {
          "date": "2020-11-19T08:27:45Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201110-2.10.1.i586",
                "product": {
                  "name": "ucode-intel-20201110-2.10.1.i586",
                  "product_id": "ucode-intel-20201110-2.10.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201110-2.10.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201110-2.10.1.x86_64",
                  "product_id": "ucode-intel-20201110-2.10.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201110-2.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
        },
        "product_reference": "ucode-intel-20201110-2.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:27:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8696",
          "url": "https://www.suse.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173592 for CVE-2020-8696",
          "url": "https://bugzilla.suse.com/1173592"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:27:45Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201110-2.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:27:45Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Updated Intel CPU Microcode to 20201110 official release.\n - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446)\n - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)\n\n- Release notes:\n  - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).\n  - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).\n  - Update for functional issues. Refer to [Second Generation Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n  - Update for functional issues. Refer to [10th Gen Intel\u00ae Core\u2122 Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n  - Update for functional issues. Refer to [8th and 9th Gen Intel\u00ae Core\u2122 Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n  - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel\u00ae Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n  - Update for functional issues. Refer to [6th Gen Intel\u00ae Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n  ### New Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | LKF            | B2/B3    | 06-8a-01/10 |          | 00000028 | Core w/Hybrid Technology\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  ### Updated Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3457,SUSE-SLE-SERVER-12-SP5-2020-3457",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3457-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3457-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203457-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3457-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007824.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173592",
        "url": "https://bugzilla.suse.com/1173592"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8696 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-20T09:16:05Z",
      "generator": {
        "date": "2020-11-20T09:16:05Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3457-1",
      "initial_release_date": "2020-11-20T09:16:05Z",
      "revision_history": [
        {
          "date": "2020-11-20T09:16:05Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201110-3.23.1.i586",
                "product": {
                  "name": "ucode-intel-20201110-3.23.1.i586",
                  "product_id": "ucode-intel-20201110-3.23.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201110-3.23.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201110-3.23.1.x86_64",
                  "product_id": "ucode-intel-20201110-3.23.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201110-3.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
        },
        "product_reference": "ucode-intel-20201110-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201110-3.23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
        },
        "product_reference": "ucode-intel-20201110-3.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-20T09:16:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8696",
          "url": "https://www.suse.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173592 for CVE-2020-8696",
          "url": "https://bugzilla.suse.com/1173592"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-20T09:16:05Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20201110-3.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20201110-3.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-20T09:16:05Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode updated to 20201027 prerelease\n- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n\n# New Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  # Updated Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3276,SUSE-SLE-Module-Basesystem-15-SP1-2020-3276",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3276-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3276-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203276-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3276-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007744.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-10T19:10:37Z",
      "generator": {
        "date": "2020-11-10T19:10:37Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3276-1",
      "initial_release_date": "2020-11-10T19:10:37Z",
      "revision_history": [
        {
          "date": "2020-11-10T19:10:37Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-3.33.1.i586",
                "product": {
                  "name": "ucode-intel-20201027-3.33.1.i586",
                  "product_id": "ucode-intel-20201027-3.33.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-3.33.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201027-3.33.1.x86_64",
                  "product_id": "ucode-intel-20201027-3.33.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-3.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201027-3.33.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-3.33.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201027-3.33.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201027-3.33.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201027-3.33.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-10T19:10:37Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201027-3.33.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201027-3.33.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201027-3.33.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-10T19:10:37Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for containerd, docker, runc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for containerd, docker, runc fixes the following issues:\n\ncontainerd:\n\n-Update to containerd v1.7.8. Upstream release notes:\n\n  https://github.com/containerd/containerd/releases/tag/v1.7.8\n\ndocker:\n\n- Update to Docker 24.0.7-ce. See upstream changelong online at\n  https://docs.docker.com/engine/release-notes/24.0/#2407 (bsc#1217513)\n  * Deny containers access to /sys/devices/virtual/powercap by default.\n    - CVE-2020-8694 bsc#1170415\n    - CVE-2020-8695 bsc#1170446\n    - CVE-2020-12912 bsc#1178760\n\nrunc:\n\n- Update to runc v1.1.10. Upstream changelog is available from\n  https://github.com/opencontainers/runc/releases/tag/v1.1.10\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-4625,SUSE-SLE-Module-Containers-12-2023-4625",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4625-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:4625-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234625-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:4625-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017270.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170415",
        "url": "https://bugzilla.suse.com/1170415"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178760",
        "url": "https://bugzilla.suse.com/1178760"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1217513",
        "url": "https://bugzilla.suse.com/1217513"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12912 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12912/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8694 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      }
    ],
    "title": "Security update for containerd, docker, runc",
    "tracking": {
      "current_release_date": "2023-12-01T08:26:08Z",
      "generator": {
        "date": "2023-12-01T08:26:08Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:4625-1",
      "initial_release_date": "2023-12-01T08:26:08Z",
      "revision_history": [
        {
          "date": "2023-12-01T08:26:08Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "containerd-1.7.8-16.88.1.aarch64",
                "product": {
                  "name": "containerd-1.7.8-16.88.1.aarch64",
                  "product_id": "containerd-1.7.8-16.88.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-ctr-1.7.8-16.88.1.aarch64",
                "product": {
                  "name": "containerd-ctr-1.7.8-16.88.1.aarch64",
                  "product_id": "containerd-ctr-1.7.8-16.88.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-devel-1.7.8-16.88.1.aarch64",
                "product": {
                  "name": "containerd-devel-1.7.8-16.88.1.aarch64",
                  "product_id": "containerd-devel-1.7.8-16.88.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-98.103.1.aarch64",
                "product": {
                  "name": "docker-24.0.7_ce-98.103.1.aarch64",
                  "product_id": "docker-24.0.7_ce-98.103.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "runc-1.1.10-16.40.1.aarch64",
                "product": {
                  "name": "runc-1.1.10-16.40.1.aarch64",
                  "product_id": "runc-1.1.10-16.40.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "containerd-1.7.8-16.88.1.i586",
                "product": {
                  "name": "containerd-1.7.8-16.88.1.i586",
                  "product_id": "containerd-1.7.8-16.88.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-ctr-1.7.8-16.88.1.i586",
                "product": {
                  "name": "containerd-ctr-1.7.8-16.88.1.i586",
                  "product_id": "containerd-ctr-1.7.8-16.88.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-devel-1.7.8-16.88.1.i586",
                "product": {
                  "name": "containerd-devel-1.7.8-16.88.1.i586",
                  "product_id": "containerd-devel-1.7.8-16.88.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-98.103.1.i586",
                "product": {
                  "name": "docker-24.0.7_ce-98.103.1.i586",
                  "product_id": "docker-24.0.7_ce-98.103.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "runc-1.1.10-16.40.1.i586",
                "product": {
                  "name": "runc-1.1.10-16.40.1.i586",
                  "product_id": "runc-1.1.10-16.40.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-bash-completion-24.0.7_ce-98.103.1.noarch",
                "product": {
                  "name": "docker-bash-completion-24.0.7_ce-98.103.1.noarch",
                  "product_id": "docker-bash-completion-24.0.7_ce-98.103.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-fish-completion-24.0.7_ce-98.103.1.noarch",
                "product": {
                  "name": "docker-fish-completion-24.0.7_ce-98.103.1.noarch",
                  "product_id": "docker-fish-completion-24.0.7_ce-98.103.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-rootless-extras-24.0.7_ce-98.103.1.noarch",
                "product": {
                  "name": "docker-rootless-extras-24.0.7_ce-98.103.1.noarch",
                  "product_id": "docker-rootless-extras-24.0.7_ce-98.103.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-zsh-completion-24.0.7_ce-98.103.1.noarch",
                "product": {
                  "name": "docker-zsh-completion-24.0.7_ce-98.103.1.noarch",
                  "product_id": "docker-zsh-completion-24.0.7_ce-98.103.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "containerd-1.7.8-16.88.1.ppc64le",
                "product": {
                  "name": "containerd-1.7.8-16.88.1.ppc64le",
                  "product_id": "containerd-1.7.8-16.88.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-ctr-1.7.8-16.88.1.ppc64le",
                "product": {
                  "name": "containerd-ctr-1.7.8-16.88.1.ppc64le",
                  "product_id": "containerd-ctr-1.7.8-16.88.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-devel-1.7.8-16.88.1.ppc64le",
                "product": {
                  "name": "containerd-devel-1.7.8-16.88.1.ppc64le",
                  "product_id": "containerd-devel-1.7.8-16.88.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-98.103.1.ppc64le",
                "product": {
                  "name": "docker-24.0.7_ce-98.103.1.ppc64le",
                  "product_id": "docker-24.0.7_ce-98.103.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "runc-1.1.10-16.40.1.ppc64le",
                "product": {
                  "name": "runc-1.1.10-16.40.1.ppc64le",
                  "product_id": "runc-1.1.10-16.40.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "containerd-1.7.8-16.88.1.s390x",
                "product": {
                  "name": "containerd-1.7.8-16.88.1.s390x",
                  "product_id": "containerd-1.7.8-16.88.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-ctr-1.7.8-16.88.1.s390x",
                "product": {
                  "name": "containerd-ctr-1.7.8-16.88.1.s390x",
                  "product_id": "containerd-ctr-1.7.8-16.88.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-devel-1.7.8-16.88.1.s390x",
                "product": {
                  "name": "containerd-devel-1.7.8-16.88.1.s390x",
                  "product_id": "containerd-devel-1.7.8-16.88.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-98.103.1.s390x",
                "product": {
                  "name": "docker-24.0.7_ce-98.103.1.s390x",
                  "product_id": "docker-24.0.7_ce-98.103.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "runc-1.1.10-16.40.1.s390x",
                "product": {
                  "name": "runc-1.1.10-16.40.1.s390x",
                  "product_id": "runc-1.1.10-16.40.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "containerd-1.7.8-16.88.1.x86_64",
                "product": {
                  "name": "containerd-1.7.8-16.88.1.x86_64",
                  "product_id": "containerd-1.7.8-16.88.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-ctr-1.7.8-16.88.1.x86_64",
                "product": {
                  "name": "containerd-ctr-1.7.8-16.88.1.x86_64",
                  "product_id": "containerd-ctr-1.7.8-16.88.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "containerd-devel-1.7.8-16.88.1.x86_64",
                "product": {
                  "name": "containerd-devel-1.7.8-16.88.1.x86_64",
                  "product_id": "containerd-devel-1.7.8-16.88.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-98.103.1.x86_64",
                "product": {
                  "name": "docker-24.0.7_ce-98.103.1.x86_64",
                  "product_id": "docker-24.0.7_ce-98.103.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "runc-1.1.10-16.40.1.x86_64",
                "product": {
                  "name": "runc-1.1.10-16.40.1.x86_64",
                  "product_id": "runc-1.1.10-16.40.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Containers 12",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Containers 12",
                  "product_id": "SUSE Linux Enterprise Module for Containers 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-containers:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "containerd-1.7.8-16.88.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le"
        },
        "product_reference": "containerd-1.7.8-16.88.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "containerd-1.7.8-16.88.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x"
        },
        "product_reference": "containerd-1.7.8-16.88.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "containerd-1.7.8-16.88.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64"
        },
        "product_reference": "containerd-1.7.8-16.88.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-98.103.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-98.103.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-98.103.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x"
        },
        "product_reference": "docker-24.0.7_ce-98.103.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-98.103.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-98.103.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.1.10-16.40.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le"
        },
        "product_reference": "runc-1.1.10-16.40.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.1.10-16.40.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x"
        },
        "product_reference": "runc-1.1.10-16.40.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-1.1.10-16.40.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
        },
        "product_reference": "runc-1.1.10-16.40.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12912",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12912"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potential vulnerability in the AMD extension to Linux \"hwmon\" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x",
          "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x",
          "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x",
          "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12912",
          "url": "https://www.suse.com/security/cve/CVE-2020-12912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178760 for CVE-2020-12912",
          "url": "https://bugzilla.suse.com/1178760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-12-01T08:26:08Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-12912"
    },
    {
      "cve": "CVE-2020-8694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x",
          "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x",
          "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x",
          "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8694",
          "url": "https://www.suse.com/security/cve/CVE-2020-8694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178700 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179661 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1179661"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-12-01T08:26:08Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x",
          "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x",
          "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le",
          "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x",
          "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:containerd-1.7.8-16.88.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:docker-24.0.7_ce-98.103.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.ppc64le",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.s390x",
            "SUSE Linux Enterprise Module for Containers 12:runc-1.1.10-16.40.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-12-01T08:26:08Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for microcode_ctl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for microcode_ctl fixes the following issues:\n\n- Updated Intel CPU Microcode to 20201110 official release.\n - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446)\n - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)\n\n- Release notes:\n  - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).\n  - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).\n  - Update for functional issues. Refer to [Second Generation Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n  - Update for functional issues. Refer to [10th Gen Intel\u00ae Core\u2122 Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n  - Update for functional issues. Refer to [8th and 9th Gen Intel\u00ae Core\u2122 Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n  - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel\u00ae Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n  - Update for functional issues. Refer to [6th Gen Intel\u00ae Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n  ### New Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | LKF            | B2/B3    | 06-8a-01/10 |          | 00000028 | Core w/Hybrid Technology\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n\n  ### Updated Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleposp3-microcode_ctl-14546,slessp4-microcode_ctl-14546",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_14546-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:14546-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014546-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:14546-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007804.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173592",
        "url": "https://bugzilla.suse.com/1173592"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8696 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for microcode_ctl",
    "tracking": {
      "current_release_date": "2020-11-19T08:27:15Z",
      "generator": {
        "date": "2020-11-19T08:27:15Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:14546-1",
      "initial_release_date": "2020-11-19T08:27:15Z",
      "revision_history": [
        {
          "date": "2020-11-19T08:27:15Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-1.17-102.83.62.1.i586",
                "product": {
                  "name": "microcode_ctl-1.17-102.83.62.1.i586",
                  "product_id": "microcode_ctl-1.17-102.83.62.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-1.17-102.83.62.1.x86_64",
                "product": {
                  "name": "microcode_ctl-1.17-102.83.62.1.x86_64",
                  "product_id": "microcode_ctl-1.17-102.83.62.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-pos:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-1.17-102.83.62.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586"
        },
        "product_reference": "microcode_ctl-1.17-102.83.62.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-1.17-102.83.62.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586"
        },
        "product_reference": "microcode_ctl-1.17-102.83.62.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-1.17-102.83.62.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
        },
        "product_reference": "microcode_ctl-1.17-102.83.62.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:27:15Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8696",
          "url": "https://www.suse.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173592 for CVE-2020-8696",
          "url": "https://bugzilla.suse.com/1173592"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:27:15Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.62.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:27:15Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode updated to 20201027 prerelease \n- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n\n  # New Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  # Updated Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3275,SUSE-SLE-Product-HPC-15-2020-3275,SUSE-SLE-Product-SLES_SAP-15-2020-3275",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3275-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3275-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203275-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3275-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007746.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-10T19:09:59Z",
      "generator": {
        "date": "2020-11-10T19:09:59Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3275-1",
      "initial_release_date": "2020-11-10T19:09:59Z",
      "revision_history": [
        {
          "date": "2020-11-10T19:09:59Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-3.51.1.i586",
                "product": {
                  "name": "ucode-intel-20201027-3.51.1.i586",
                  "product_id": "ucode-intel-20201027-3.51.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-3.51.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201027-3.51.1.x86_64",
                  "product_id": "ucode-intel-20201027-3.51.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-3.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-3.51.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-3.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-10T19:09:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201027-3.51.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201027-3.51.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201027-3.51.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-10T19:09:59Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode updated to 20201027 pre-release \n- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n\n  # New Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  # Updated Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3271,SUSE-SLE-Module-Basesystem-15-SP2-2020-3271",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3271-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3271-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203271-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3271-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2020-November/016830.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-10T18:05:18Z",
      "generator": {
        "date": "2020-11-10T18:05:18Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3271-1",
      "initial_release_date": "2020-11-10T18:05:18Z",
      "revision_history": [
        {
          "date": "2020-11-10T18:05:18Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-2.7.1.i586",
                "product": {
                  "name": "ucode-intel-20201027-2.7.1.i586",
                  "product_id": "ucode-intel-20201027-2.7.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-2.7.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201027-2.7.1.x86_64",
                  "product_id": "ucode-intel-20201027-2.7.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-2.7.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201027-2.7.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-2.7.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201027-2.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201027-2.7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201027-2.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-10T18:05:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201027-2.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201027-2.7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20201027-2.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-10T18:05:18Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Updated Intel CPU Microcode to 20201110 official release.\n - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)\n\n- Release notes:\n  - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).\n  - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).\n  - Update for functional issues. Refer to [Second Generation Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n  - Update for functional issues. Refer to [10th Gen Intel\u00ae Core\u2122 Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n  - Update for functional issues. Refer to [8th and 9th Gen Intel\u00ae Core\u2122 Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n  - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel\u00ae Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n  - Update for functional issues. Refer to [6th Gen Intel\u00ae Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n  ### New Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | LKF            | B2/B3    | 06-8a-01/10 |          | 00000028 | Core w/Hybrid Technology\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10\n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  \n  ### Updated Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3374,SUSE-SLE-Product-HPC-15-2020-3374,SUSE-SLE-Product-SLES_SAP-15-2020-3374",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3374-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3374-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203374-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3374-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007808.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173592",
        "url": "https://bugzilla.suse.com/1173592"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8696 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-19T08:28:04Z",
      "generator": {
        "date": "2020-11-19T08:28:04Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3374-1",
      "initial_release_date": "2020-11-19T08:28:04Z",
      "revision_history": [
        {
          "date": "2020-11-19T08:28:04Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201110-3.55.1.i586",
                "product": {
                  "name": "ucode-intel-20201110-3.55.1.i586",
                  "product_id": "ucode-intel-20201110-3.55.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201110-3.55.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201110-3.55.1.x86_64",
                  "product_id": "ucode-intel-20201110-3.55.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201110-3.55.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64"
        },
        "product_reference": "ucode-intel-20201110-3.55.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201110-3.55.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64"
        },
        "product_reference": "ucode-intel-20201110-3.55.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201110-3.55.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
        },
        "product_reference": "ucode-intel-20201110-3.55.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:28:04Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8696",
          "url": "https://www.suse.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173592 for CVE-2020-8696",
          "url": "https://bugzilla.suse.com/1173592"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:28:04Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20201110-3.55.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20201110-3.55.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:28:04Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Updated Intel CPU Microcode to 20201110 official release.\n - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)\n\n- Release notes:\n  - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).\n  - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).\n  - Update for functional issues. Refer to [Second Generation Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n  - Update for functional issues. Refer to [10th Gen Intel\u00ae Core\u2122 Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n  - Update for functional issues. Refer to [8th and 9th Gen Intel\u00ae Core\u2122 Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n  - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel\u00ae Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n  - Update for functional issues. Refer to [6th Gen Intel\u00ae Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n  ### New Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | LKF            | B2/B3    | 06-8a-01/10 |          | 00000028 | Core w/Hybrid Technology\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10\n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n\n  ### Updated Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3372,SUSE-SLE-Module-Basesystem-15-SP1-2020-3372",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3372-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3372-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203372-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3372-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007796.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173592",
        "url": "https://bugzilla.suse.com/1173592"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8696 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-19T08:27:30Z",
      "generator": {
        "date": "2020-11-19T08:27:30Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3372-1",
      "initial_release_date": "2020-11-19T08:27:30Z",
      "revision_history": [
        {
          "date": "2020-11-19T08:27:30Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201110-3.39.1.i586",
                "product": {
                  "name": "ucode-intel-20201110-3.39.1.i586",
                  "product_id": "ucode-intel-20201110-3.39.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201110-3.39.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201110-3.39.1.x86_64",
                  "product_id": "ucode-intel-20201110-3.39.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201110-3.39.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
        },
        "product_reference": "ucode-intel-20201110-3.39.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:27:30Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8696",
          "url": "https://www.suse.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173592 for CVE-2020-8696",
          "url": "https://bugzilla.suse.com/1173592"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:27:30Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:ucode-intel-20201110-3.39.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-19T08:27:30Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Intel CPU Microcode updated to 20201027 prerelease \n- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n\n# New Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  # Updated Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "HPE-Helion-OpenStack-8-2020-3279,SUSE-2020-3279,SUSE-OpenStack-Cloud-7-2020-3279,SUSE-OpenStack-Cloud-8-2020-3279,SUSE-OpenStack-Cloud-9-2020-3279,SUSE-OpenStack-Cloud-Crowbar-8-2020-3279,SUSE-OpenStack-Cloud-Crowbar-9-2020-3279,SUSE-SLE-SAP-12-SP2-2020-3279,SUSE-SLE-SAP-12-SP3-2020-3279,SUSE-SLE-SAP-12-SP4-2020-3279,SUSE-SLE-SERVER-12-SP2-2020-3279,SUSE-SLE-SERVER-12-SP2-BCL-2020-3279,SUSE-SLE-SERVER-12-SP3-2020-3279,SUSE-SLE-SERVER-12-SP3-BCL-2020-3279,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3279,SUSE-Storage-5-2020-3279",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3279-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3279-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203279-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3279-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007757.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-11T08:18:34Z",
      "generator": {
        "date": "2020-11-11T08:18:34Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3279-1",
      "initial_release_date": "2020-11-11T08:18:34Z",
      "revision_history": [
        {
          "date": "2020-11-11T08:18:34Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-13.76.1.i586",
                "product": {
                  "name": "ucode-intel-20201027-13.76.1.i586",
                  "product_id": "ucode-intel-20201027-13.76.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201027-13.76.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201027-13.76.1.x86_64",
                  "product_id": "ucode-intel-20201027-13.76.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "HPE Helion OpenStack 8",
                "product": {
                  "name": "HPE Helion OpenStack 8",
                  "product_id": "HPE Helion OpenStack 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:hpe-helion-openstack:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 7",
                "product": {
                  "name": "SUSE OpenStack Cloud 7",
                  "product_id": "SUSE OpenStack Cloud 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 8",
                "product": {
                  "name": "SUSE OpenStack Cloud 8",
                  "product_id": "SUSE OpenStack Cloud 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 9",
                "product": {
                  "name": "SUSE OpenStack Cloud 9",
                  "product_id": "SUSE OpenStack Cloud 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 8",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 8",
                  "product_id": "SUSE OpenStack Cloud Crowbar 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 9",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 9",
                  "product_id": "SUSE OpenStack Cloud Crowbar 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 5",
                "product": {
                  "name": "SUSE Enterprise Storage 5",
                  "product_id": "SUSE Enterprise Storage 5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of HPE Helion OpenStack 8",
          "product_id": "HPE Helion OpenStack 8:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "HPE Helion OpenStack 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE OpenStack Cloud 8",
          "product_id": "SUSE OpenStack Cloud 8:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
          "product_id": "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201027-13.76.1.x86_64 as component of SUSE Enterprise Storage 5",
          "product_id": "SUSE Enterprise Storage 5:ucode-intel-20201027-13.76.1.x86_64"
        },
        "product_reference": "ucode-intel-20201027-13.76.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Enterprise Storage 5:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud 7:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud 8:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud 9:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201027-13.76.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201027-13.76.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201027-13.76.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-11T08:18:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "HPE Helion OpenStack 8:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Enterprise Storage 5:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud 7:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud 8:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud 9:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201027-13.76.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201027-13.76.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "HPE Helion OpenStack 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201027-13.76.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "HPE Helion OpenStack 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Enterprise Storage 5:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 7:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud 9:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20201027-13.76.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20201027-13.76.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-11T08:18:34Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for docker, rootlesskit",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for docker, rootlesskit fixes the following issues:\n\ndocker:\n\n- Update to Docker 24.0.7-ce. See upstream changelong online at\n  https://docs.docker.com/engine/release-notes/24.0/#2407\u003e. bsc#1217513\n  * Deny containers access to /sys/devices/virtual/powercap by default.\n    - CVE-2020-8694 bsc#1170415\n    - CVE-2020-8695 bsc#1170446\n    - CVE-2020-12912 bsc#1178760\n\n- Update to Docker 24.0.6-ce. See upstream changelong online at\n\n  \thttps://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323\n\n- Add a docker.socket unit file, but with socket activation effectively\n  disabled to ensure that Docker will always run even if you start the socket\n  individually. Users should probably just ignore this unit file. bsc#1210141\n\n- Update to Docker 24.0.5-ce. See upstream changelong online at\n\n\thttps://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229\n\nThis update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)\n\nrootlesskit:\n\n- new package, for docker rootless support. (jsc#PED-6180)\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-4936,SUSE-SLE-Micro-5.3-2023-4936,SUSE-SLE-Micro-5.4-2023-4936,SUSE-SLE-Micro-5.5-2023-4936,SUSE-SLE-Module-Containers-15-SP4-2023-4936,SUSE-SLE-Module-Containers-15-SP5-2023-4936,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4936,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4936,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4936,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4936,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4936,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4936,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4936,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4936,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4936,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4936,SUSE-SUSE-MicroOS-5.1-2023-4936,SUSE-SUSE-MicroOS-5.2-2023-4936,SUSE-Storage-7.1-2023-4936,openSUSE-Leap-Micro-5.3-2023-4936,openSUSE-Leap-Micro-5.4-2023-4936,openSUSE-SLE-15.4-2023-4936,openSUSE-SLE-15.5-2023-4936",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4936-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:4936-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234936-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:4936-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017510.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170415",
        "url": "https://bugzilla.suse.com/1170415"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178760",
        "url": "https://bugzilla.suse.com/1178760"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210141",
        "url": "https://bugzilla.suse.com/1210141"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213229",
        "url": "https://bugzilla.suse.com/1213229"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213500",
        "url": "https://bugzilla.suse.com/1213500"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1215323",
        "url": "https://bugzilla.suse.com/1215323"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1217513",
        "url": "https://bugzilla.suse.com/1217513"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12912 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12912/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8694 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      }
    ],
    "title": "Security update for docker, rootlesskit",
    "tracking": {
      "current_release_date": "2023-12-20T16:18:41Z",
      "generator": {
        "date": "2023-12-20T16:18:41Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:4936-1",
      "initial_release_date": "2023-12-20T16:18:41Z",
      "revision_history": [
        {
          "date": "2023-12-20T16:18:41Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-150000.190.4.aarch64",
                "product": {
                  "name": "docker-24.0.7_ce-150000.190.4.aarch64",
                  "product_id": "docker-24.0.7_ce-150000.190.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "rootlesskit-1.1.1-150000.1.3.3.aarch64",
                "product": {
                  "name": "rootlesskit-1.1.1-150000.1.3.3.aarch64",
                  "product_id": "rootlesskit-1.1.1-150000.1.3.3.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-150000.190.4.i586",
                "product": {
                  "name": "docker-24.0.7_ce-150000.190.4.i586",
                  "product_id": "docker-24.0.7_ce-150000.190.4.i586"
                }
              },
              {
                "category": "product_version",
                "name": "rootlesskit-1.1.1-150000.1.3.3.i586",
                "product": {
                  "name": "rootlesskit-1.1.1-150000.1.3.3.i586",
                  "product_id": "rootlesskit-1.1.1-150000.1.3.3.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
                "product": {
                  "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
                  "product_id": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
                "product": {
                  "name": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
                  "product_id": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
                "product": {
                  "name": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
                  "product_id": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
                "product": {
                  "name": "docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
                  "product_id": "docker-zsh-completion-24.0.7_ce-150000.190.4.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-150000.190.4.ppc64le",
                "product": {
                  "name": "docker-24.0.7_ce-150000.190.4.ppc64le",
                  "product_id": "docker-24.0.7_ce-150000.190.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "rootlesskit-1.1.1-150000.1.3.3.ppc64le",
                "product": {
                  "name": "rootlesskit-1.1.1-150000.1.3.3.ppc64le",
                  "product_id": "rootlesskit-1.1.1-150000.1.3.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-150000.190.4.s390x",
                "product": {
                  "name": "docker-24.0.7_ce-150000.190.4.s390x",
                  "product_id": "docker-24.0.7_ce-150000.190.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "rootlesskit-1.1.1-150000.1.3.3.s390x",
                "product": {
                  "name": "rootlesskit-1.1.1-150000.1.3.3.s390x",
                  "product_id": "rootlesskit-1.1.1-150000.1.3.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-150000.190.4.x86_64",
                "product": {
                  "name": "docker-24.0.7_ce-150000.190.4.x86_64",
                  "product_id": "docker-24.0.7_ce-150000.190.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rootlesskit-1.1.1-150000.1.3.3.x86_64",
                "product": {
                  "name": "rootlesskit-1.1.1-150000.1.3.3.x86_64",
                  "product_id": "rootlesskit-1.1.1-150000.1.3.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.3",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.3",
                  "product_id": "SUSE Linux Enterprise Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.4",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.4",
                  "product_id": "SUSE Linux Enterprise Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.5",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.5",
                  "product_id": "SUSE Linux Enterprise Micro 5.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Containers 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Containers 15 SP4",
                  "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-containers:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Containers 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Containers 15 SP5",
                  "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.1",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.1",
                  "product_id": "SUSE Linux Enterprise Micro 5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.2",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.2",
                  "product_id": "SUSE Linux Enterprise Micro 5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 7.1",
                "product": {
                  "name": "SUSE Enterprise Storage 7.1",
                  "product_id": "SUSE Enterprise Storage 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap Micro 5.3",
                "product": {
                  "name": "openSUSE Leap Micro 5.3",
                  "product_id": "openSUSE Leap Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap Micro 5.4",
                "product": {
                  "name": "openSUSE Leap Micro 5.4",
                  "product_id": "openSUSE Leap Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap-micro:5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.4",
                "product": {
                  "name": "openSUSE Leap 15.4",
                  "product_id": "openSUSE Leap 15.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
          "product_id": "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Micro 5.1",
          "product_id": "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
          "product_id": "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch as component of SUSE Enterprise Storage 7.1",
          "product_id": "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "SUSE Enterprise Storage 7.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of openSUSE Leap Micro 5.3",
          "product_id": "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of openSUSE Leap Micro 5.3",
          "product_id": "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of openSUSE Leap Micro 5.4",
          "product_id": "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of openSUSE Leap Micro 5.4",
          "product_id": "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "openSUSE Leap Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of openSUSE Leap Micro 5.4",
          "product_id": "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-zsh-completion-24.0.7_ce-150000.190.4.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-150000.190.4.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-150000.190.4.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-zsh-completion-24.0.7_ce-150000.190.4.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch"
        },
        "product_reference": "docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rootlesskit-1.1.1-150000.1.3.3.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64"
        },
        "product_reference": "rootlesskit-1.1.1-150000.1.3.3.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12912",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12912"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potential vulnerability in the AMD extension to Linux \"hwmon\" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64",
          "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64",
          "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
          "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
          "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12912",
          "url": "https://www.suse.com/security/cve/CVE-2020-12912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178760 for CVE-2020-12912",
          "url": "https://bugzilla.suse.com/1178760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-12-20T16:18:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-12912"
    },
    {
      "cve": "CVE-2020-8694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64",
          "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64",
          "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
          "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
          "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8694",
          "url": "https://www.suse.com/security/cve/CVE-2020-8694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178700 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179661 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1179661"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-12-20T16:18:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x",
          "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64",
          "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x",
          "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64",
          "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x",
          "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
          "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
          "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
          "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
          "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Enterprise Storage 7.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Enterprise Storage 7.1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Enterprise Storage 7.1:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Micro 5.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "SUSE Linux Enterprise Module for Containers 15 SP5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.aarch64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.s390x",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-24.0.7_ce-150000.190.4.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.4:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.4:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.4:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.ppc64le",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap 15.5:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap 15.5:docker-bash-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-fish-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-rootless-extras-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:docker-zsh-completion-24.0.7_ce-150000.190.4.noarch",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.aarch64",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.ppc64le",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.s390x",
            "openSUSE Leap 15.5:rootlesskit-1.1.1-150000.1.3.3.x86_64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.3:docker-24.0.7_ce-150000.190.4.x86_64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.aarch64",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.s390x",
            "openSUSE Leap Micro 5.4:docker-24.0.7_ce-150000.190.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-12-20T16:18:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for microcode_ctl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for microcode_ctl fixes the following issue:\n\n- Updated Intel CPU Microcode to 20201027 prerelease (bsc#1170446)\n\n- CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX)\n- CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n\n  # New Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10 \n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  # Updated Platforms:\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleposp3-microcode_ctl-14540,slessp4-microcode_ctl-14540",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_14540-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:14540-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014540-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:14540-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007755.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for microcode_ctl",
    "tracking": {
      "current_release_date": "2020-11-11T10:21:45Z",
      "generator": {
        "date": "2020-11-11T10:21:45Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:14540-1",
      "initial_release_date": "2020-11-11T10:21:45Z",
      "revision_history": [
        {
          "date": "2020-11-11T10:21:45Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-1.17-102.83.59.1.i586",
                "product": {
                  "name": "microcode_ctl-1.17-102.83.59.1.i586",
                  "product_id": "microcode_ctl-1.17-102.83.59.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "microcode_ctl-1.17-102.83.59.1.x86_64",
                "product": {
                  "name": "microcode_ctl-1.17-102.83.59.1.x86_64",
                  "product_id": "microcode_ctl-1.17-102.83.59.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-pos:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-1.17-102.83.59.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.59.1.i586"
        },
        "product_reference": "microcode_ctl-1.17-102.83.59.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-1.17-102.83.59.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.i586"
        },
        "product_reference": "microcode_ctl-1.17-102.83.59.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "microcode_ctl-1.17-102.83.59.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.x86_64"
        },
        "product_reference": "microcode_ctl-1.17-102.83.59.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.59.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.59.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.59.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-11T10:21:45Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.59.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.i586",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.59.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.59.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.i586",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.59.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-11T10:21:45Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NorthStar Controller versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Contrail Cloud versions ant\u00e9rieures \u00e0 13.7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 6.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 22.3R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Native Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-8625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
    },
    {
      "name": "CVE-2016-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
    },
    {
      "name": "CVE-2017-12613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
    },
    {
      "name": "CVE-2019-1543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
    },
    {
      "name": "CVE-2019-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
    },
    {
      "name": "CVE-2020-0549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
    },
    {
      "name": "CVE-2020-0548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
    },
    {
      "name": "CVE-2020-8648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
    },
    {
      "name": "CVE-2020-11668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
    },
    {
      "name": "CVE-2020-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
    },
    {
      "name": "CVE-2020-14579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
    },
    {
      "name": "CVE-2020-14573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14573"
    },
    {
      "name": "CVE-2020-14577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
    },
    {
      "name": "CVE-2020-14578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
    },
    {
      "name": "CVE-2020-14621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
    },
    {
      "name": "CVE-2020-14562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14562"
    },
    {
      "name": "CVE-2020-14583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
    },
    {
      "name": "CVE-2020-14581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
    },
    {
      "name": "CVE-2020-14593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
    },
    {
      "name": "CVE-2020-14556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
    },
    {
      "name": "CVE-2020-14145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
    },
    {
      "name": "CVE-2020-14796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
    },
    {
      "name": "CVE-2020-14803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
    },
    {
      "name": "CVE-2020-14792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
    },
    {
      "name": "CVE-2020-14779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
    },
    {
      "name": "CVE-2020-14798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
    },
    {
      "name": "CVE-2020-14797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
    },
    {
      "name": "CVE-2020-14781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
    },
    {
      "name": "CVE-2020-14782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
    },
    {
      "name": "CVE-2020-14871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"
    },
    {
      "name": "CVE-2020-8698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
    },
    {
      "name": "CVE-2020-8696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
    },
    {
      "name": "CVE-2020-25704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
    },
    {
      "name": "CVE-2020-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
    },
    {
      "name": "CVE-2020-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2020-8695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
    },
    {
      "name": "CVE-2019-20934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
    },
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    },
    {
      "name": "CVE-2021-23841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
    },
    {
      "name": "CVE-2021-23840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2020-12363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
    },
    {
      "name": "CVE-2020-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
    },
    {
      "name": "CVE-2020-12364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
    },
    {
      "name": "CVE-2021-27365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
    },
    {
      "name": "CVE-2021-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
    },
    {
      "name": "CVE-2021-27364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
    },
    {
      "name": "CVE-2020-27170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
    },
    {
      "name": "CVE-2021-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
    },
    {
      "name": "CVE-2020-35498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35498"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2021-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
    },
    {
      "name": "CVE-2020-36322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
    },
    {
      "name": "CVE-2021-2194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
    },
    {
      "name": "CVE-2021-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
    },
    {
      "name": "CVE-2021-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
    },
    {
      "name": "CVE-2021-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
    },
    {
      "name": "CVE-2021-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
    },
    {
      "name": "CVE-2021-2144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
    },
    {
      "name": "CVE-2021-2226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
    },
    {
      "name": "CVE-2021-2169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
    },
    {
      "name": "CVE-2021-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
    },
    {
      "name": "CVE-2021-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
    },
    {
      "name": "CVE-2021-2174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
    },
    {
      "name": "CVE-2021-2154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
    },
    {
      "name": "CVE-2020-28196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
    },
    {
      "name": "CVE-2021-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
    },
    {
      "name": "CVE-2021-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
    },
    {
      "name": "CVE-2021-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
    },
    {
      "name": "CVE-2021-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
    },
    {
      "name": "CVE-2021-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
    },
    {
      "name": "CVE-2021-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
    },
    {
      "name": "CVE-2021-29650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
    },
    {
      "name": "CVE-2021-23017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
    },
    {
      "name": "CVE-2021-25217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
    },
    {
      "name": "CVE-2021-33033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
    },
    {
      "name": "CVE-2020-24512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
    },
    {
      "name": "CVE-2020-24513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
    },
    {
      "name": "CVE-2020-24511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
    },
    {
      "name": "CVE-2021-32399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
    },
    {
      "name": "CVE-2021-33034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
    },
    {
      "name": "CVE-2021-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2020-36385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
    },
    {
      "name": "CVE-2020-27827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
    },
    {
      "name": "CVE-2021-22555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
    },
    {
      "name": "CVE-2021-33909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
    },
    {
      "name": "CVE-2021-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
    },
    {
      "name": "CVE-2021-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
    },
    {
      "name": "CVE-2021-2432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
    },
    {
      "name": "CVE-2021-2369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
    },
    {
      "name": "CVE-2021-2389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
    },
    {
      "name": "CVE-2021-2372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
    },
    {
      "name": "CVE-2021-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
    },
    {
      "name": "CVE-2021-2385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
    },
    {
      "name": "CVE-2021-2390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
    },
    {
      "name": "CVE-2021-22543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
    },
    {
      "name": "CVE-2021-37576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2021-3715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2021-40438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
    },
    {
      "name": "CVE-2021-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
    },
    {
      "name": "CVE-2021-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
    },
    {
      "name": "CVE-2020-26137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2020-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2021-35586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
    },
    {
      "name": "CVE-2021-35559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
    },
    {
      "name": "CVE-2021-35567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
    },
    {
      "name": "CVE-2021-35578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
    },
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2021-35561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
    },
    {
      "name": "CVE-2021-35565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
    },
    {
      "name": "CVE-2021-35564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
    },
    {
      "name": "CVE-2021-35556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
    },
    {
      "name": "CVE-2021-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
    },
    {
      "name": "CVE-2021-0920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
    },
    {
      "name": "CVE-2021-42739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
    },
    {
      "name": "CVE-2021-44790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2022-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
    },
    {
      "name": "CVE-2022-21277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21277"
    },
    {
      "name": "CVE-2022-21291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
    },
    {
      "name": "CVE-2022-21340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
    },
    {
      "name": "CVE-2022-21282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
    },
    {
      "name": "CVE-2022-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
    },
    {
      "name": "CVE-2022-21365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
    },
    {
      "name": "CVE-2022-21305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
    },
    {
      "name": "CVE-2022-21366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
    },
    {
      "name": "CVE-2022-21360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
    },
    {
      "name": "CVE-2022-21296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
    },
    {
      "name": "CVE-2022-21293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
    },
    {
      "name": "CVE-2022-21248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
    },
    {
      "name": "CVE-2022-21299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
    },
    {
      "name": "CVE-2022-21294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
    },
    {
      "name": "CVE-2022-21283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
    },
    {
      "name": "CVE-2021-4034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
    },
    {
      "name": "CVE-2021-4028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
    },
    {
      "name": "CVE-2022-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
    },
    {
      "name": "CVE-2022-38177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
    },
    {
      "name": "CVE-2022-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
    },
    {
      "name": "CVE-2022-21449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
    },
    {
      "name": "CVE-2022-21476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
    },
    {
      "name": "CVE-2022-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
    },
    {
      "name": "CVE-2022-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
    },
    {
      "name": "CVE-2022-21166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
    },
    {
      "name": "CVE-2022-38178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2022-32250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2021-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2022-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2022-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2022-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2022-21434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
    },
    {
      "name": "CVE-2022-21443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
    },
    {
      "name": "CVE-2022-21496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
    },
    {
      "name": "CVE-2022-21426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2022-1729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
    },
    {
      "name": "CVE-2021-30465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
    },
    {
      "name": "CVE-2021-42574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
    },
    {
      "name": "CVE-2022-21541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
    },
    {
      "name": "CVE-2022-34169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
    },
    {
      "name": "CVE-2022-21549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21549"
    },
    {
      "name": "CVE-2022-21540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
    },
    {
      "name": "CVE-2007-6755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
    },
    {
      "name": "CVE-2022-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
    },
    {
      "name": "CVE-2021-3765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
    },
    {
      "name": "CVE-2022-24903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2022-21619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
    },
    {
      "name": "CVE-2022-21628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2019-11287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11287"
    },
    {
      "name": "CVE-2023-22397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22397"
    },
    {
      "name": "CVE-2023-22403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22403"
    },
    {
      "name": "CVE-2023-22398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22398"
    },
    {
      "name": "CVE-2023-22399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22399"
    },
    {
      "name": "CVE-2023-22417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22417"
    },
    {
      "name": "CVE-2023-22395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22395"
    },
    {
      "name": "CVE-2023-22391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22391"
    },
    {
      "name": "CVE-2023-22409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22409"
    },
    {
      "name": "CVE-2023-22407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22407"
    },
    {
      "name": "CVE-2023-22414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22414"
    },
    {
      "name": "CVE-2023-22393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22393"
    },
    {
      "name": "CVE-2023-22415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22415"
    },
    {
      "name": "CVE-2023-22405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22405"
    },
    {
      "name": "CVE-2023-22412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22412"
    },
    {
      "name": "CVE-2020-24489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
    },
    {
      "name": "CVE-2023-22404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22404"
    },
    {
      "name": "CVE-2021-3504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3504"
    },
    {
      "name": "CVE-2023-22394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22394"
    },
    {
      "name": "CVE-2023-22406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22406"
    },
    {
      "name": "CVE-2018-8046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8046"
    },
    {
      "name": "CVE-2007-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2285"
    },
    {
      "name": "CVE-2021-35940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35940"
    },
    {
      "name": "CVE-2023-22411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22411"
    },
    {
      "name": "CVE-2023-22401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22401"
    },
    {
      "name": "CVE-2020-15778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
    },
    {
      "name": "CVE-2023-22396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22396"
    },
    {
      "name": "CVE-2023-22402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22402"
    },
    {
      "name": "CVE-2021-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
    },
    {
      "name": "CVE-2023-22400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22400"
    },
    {
      "name": "CVE-2023-22408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22408"
    },
    {
      "name": "CVE-2022-0934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
    },
    {
      "name": "CVE-2021-40085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40085"
    },
    {
      "name": "CVE-2023-22410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22410"
    },
    {
      "name": "CVE-2023-22416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22416"
    },
    {
      "name": "CVE-2023-22413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22413"
    }
  ],
  "initial_release_date": "2023-01-23T00:00:00",
  "last_revision_date": "2023-01-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0051",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70195 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10K-Series-PFE-crash-upon-receipt-of-specific-genuine-packets-when-sFlow-is-enabled-CVE-2023-22399?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70183 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Cloud-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Cloud-release-13-7-0?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70203 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-RPD-crash-can-happen-due-to-an-MPLS-TE-tunnel-configuration-change-on-a-directly-connected-router-CVE-2023-22407?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70192 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Receipt-of-crafted-TCP-packets-on-Ethernet-console-port-results-in-MBUF-leak-leading-to-Denial-of-Service-DoS-CVE-2023-22396?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70213 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-A-memory-leak-might-be-observed-in-IPsec-VPN-scenario-leading-to-an-FPC-crash-CVE-2023-22417?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70193 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-PTX10003-An-attacker-sending-specific-genuine-packets-will-cause-a-memory-leak-in-the-PFE-leading-to-a-Denial-of-Service-CVE-2023-22397?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70181 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-might-crash-when-MPLS-ping-is-performed-on-BGP-LSPs-CVE-2023-22398?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70186 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70179 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Northstar-Controller-Pivotal-RabbitMQ-contains-a-web-management-plugin-that-is-vulnerable-to-a-Denial-of-Service-DoS-attack-CVE-2019-11287?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70208 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flowd-daemon-will-crash-if-the-SIP-ALG-is-enabled-and-specific-SIP-messages-are-processed-CVE-2023-22412?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70201 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX5k-Series-EX46xx-Series-MAC-limiting-feature-stops-working-after-PFE-restart-device-reboot--CVE-2023-22405?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70209 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-FPC-crash-when-an-IPsec6-tunnel-processes-specific-IPv4-packets-CVE-2023-22413?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70187 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-ACX2K-Series-Receipt-of-a-high-rate-of-specific-traffic-will-lead-to-a-Denial-of-Service-DoS-CVE-2023-22391?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70199 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10k-Series-ICCP-flap-will-be-observed-due-to-excessive-specific-traffic-CVE-2023-22403?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70180 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-OpenSSL-Infinite-loop-in-BN-mod-sqrt-reachable-when-parsing-certificates-CVE-2022-0778?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70198 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-The-kernel-might-restart-in-a-BGP-scenario-where-bgp-auto-discovery-is-enabled-and-such-a-neighbor-flaps-CVE-2023-22402?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70196 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-A-specific-SNMP-GET-operation-and-a-specific-CLI-commands-cause-resources-to-leak-and-eventually-the-evo-pfemand-process-will-crash-CVE-2023-22400?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70197 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PTX10008-PTX10016-When-a-specific-SNMP-MIB-is-queried-the-FPC-will-crash-CVE-2023-22401?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70202 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-memory-leak-which-will-ultimately-lead-to-an-rpd-crash-will-be-observed-when-a-peer-interface-flaps-continuously-in-a-Segment-Routing-scenario-CVE-2023-22406?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70190 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Memory-leak-due-to-receipt-of-specially-crafted-SIP-calls-CVE-2023-22394?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70191 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-In-an-MPLS-scenario-the-processing-of-specific-packets-to-the-device-causes-a-buffer-leak-and-ultimately-a-loss-of-connectivity-CVE-2023-22395?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70204 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Upon-processing-of-a-specific-SIP-packet-an-FPC-can-crash-CVE-2023-22408?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70200 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-When-IPsec-VPN-is-configured-iked-will-core-when-a-specifically-formatted-payload-is-received-CVE-2023-22404?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70212 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-if-SIP-ALG-is-enabled-and-a-malicious-SIP-packet-is-received-CVE-2023-22416?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70185 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-3R1-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70211 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flow-processing-daemon-flowd-will-crash-when-a-specific-H-323-packet-is-received-CVE-2023-22415?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70210 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-An-FPC-memory-leak-is-observed-when-specific-multicast-packets-are-processed-CVE-2023-22414?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70206 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-with-MPC10-MPC11-When-Suspicious-Control-Flow-Detection-scfd-is-enabled-and-an-attacker-is-sending-specific-traffic-this-causes-a-memory-leak-CVE-2023-22410?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70205 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-SPC3-When-an-inconsistent-NAT-configuration-exists-and-a-specific-CLI-command-is-issued-the-SPC-will-reboot-CVE-2023-22409?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70182 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70189 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-BGP-route-with-invalid-next-hop-CVE-2023-22393?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70207 du 11 janvier 2023",
      "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-when-Unified-Policies-are-used-with-IPv6-and-certain-dynamic-applications-are-rejected-by-the-device-CVE-2023-22411?language=en_US"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise High Availability 12-SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Legacy Software 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Basesystem 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Public Cloud 15-SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Public Cloud 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
    },
    {
      "name": "CVE-2020-28974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28974"
    },
    {
      "name": "CVE-2020-28915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28915"
    },
    {
      "name": "CVE-2020-27777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
    },
    {
      "name": "CVE-2020-4788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4788"
    },
    {
      "name": "CVE-2020-25704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
    },
    {
      "name": "CVE-2020-29371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29371"
    },
    {
      "name": "CVE-2020-25705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
    },
    {
      "name": "CVE-2020-28941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28941"
    },
    {
      "name": "CVE-2020-15437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15437"
    },
    {
      "name": "CVE-2020-25669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25669"
    },
    {
      "name": "CVE-2020-25668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25668"
    },
    {
      "name": "CVE-2020-15436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
    },
    {
      "name": "CVE-2020-8694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8694"
    },
    {
      "name": "CVE-2020-28368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28368"
    },
    {
      "name": "CVE-2020-29369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29369"
    }
  ],
  "initial_release_date": "2020-12-10T00:00:00",
  "last_revision_date": "2020-12-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-811",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203718-1 du 09 d\u00e9cembre 2020",
      "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203718-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203717-1 du 09 d\u00e9cembre 2020",
      "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203717-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203714-1 du 08 d\u00e9cembre 2020",
      "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203714-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203715-1 du 08 d\u00e9cembre 2020",
      "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203715-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203713-1 du 08 d\u00e9cembre 2020",
      "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203713-1/"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2020-8695"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-12T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
  "id": "GHSA-55fx-92rr-h42r",
  "modified": "2022-05-24T17:34:10Z",
  "published": "2022-05-24T17:34:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8695"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ24MFBVH3HJW3PNRQBRY4YXKC7GA57W"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GRFC7UAPKAFFH5WX3AMDUBVHLKYQA2NZ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEM2FZWVE4FNGYNQU3WCBAWTZRBWDYUR"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971)\n\n  - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms.\n\n- Updated Intel CPU Microcode to 20201110 official release.\n\n - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)\n\n- Release notes:\n  - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).\n  - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).\n  - Update for functional issues. Refer to [Second Generation Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n  - Update for functional issues. Refer to [10th Gen Intel\u00ae Core\u2122 Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n  - Update for functional issues. Refer to [8th and 9th Gen Intel\u00ae Core\u2122 Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n  - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel\u00ae Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n  - Update for functional issues. Refer to [6th Gen Intel\u00ae Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n  ### New Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | LKF            | B2/B3    | 06-8a-01/10 |          | 00000028 | Core w/Hybrid Technology\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10\n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  \n  ### Updated Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-2098",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2098-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:2098-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TF4HQIBGSJ2IFTYIDCJW5IFFEG62DCU5/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:2098-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TF4HQIBGSJ2IFTYIDCJW5IFFEG62DCU5/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173592",
        "url": "https://bugzilla.suse.com/1173592"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178971",
        "url": "https://bugzilla.suse.com/1178971"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8696 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-28T17:52:20Z",
      "generator": {
        "date": "2020-11-28T17:52:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:2098-1",
      "initial_release_date": "2020-11-28T17:52:20Z",
      "revision_history": [
        {
          "date": "2020-11-28T17:52:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201118-lp151.2.33.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201118-lp151.2.33.1.x86_64",
                  "product_id": "ucode-intel-20201118-lp151.2.33.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-lp151.2.33.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-lp151.2.33.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-28T17:52:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8696",
          "url": "https://www.suse.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173592 for CVE-2020-8696",
          "url": "https://bugzilla.suse.com/1173592"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-28T17:52:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:ucode-intel-20201118-lp151.2.33.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-28T17:52:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "ucode-intel-20210608-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the ucode-intel-20210608-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11478",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11478-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5715 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5715/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12126 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12126/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12130 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3640 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3640/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11135 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11135/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11139 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11139/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-0543 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-0543/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-0548 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-0548/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-24489 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-24489/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-24511 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-24511/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-24512 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-24512/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-24513 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-24513/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8696 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "ucode-intel-20210608-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11478-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20210608-1.2.aarch64",
                "product": {
                  "name": "ucode-intel-20210608-1.2.aarch64",
                  "product_id": "ucode-intel-20210608-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20210608-1.2.ppc64le",
                "product": {
                  "name": "ucode-intel-20210608-1.2.ppc64le",
                  "product_id": "ucode-intel-20210608-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20210608-1.2.s390x",
                "product": {
                  "name": "ucode-intel-20210608-1.2.s390x",
                  "product_id": "ucode-intel-20210608-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20210608-1.2.x86_64",
                "product": {
                  "name": "ucode-intel-20210608-1.2.x86_64",
                  "product_id": "ucode-intel-20210608-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20210608-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64"
        },
        "product_reference": "ucode-intel-20210608-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20210608-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le"
        },
        "product_reference": "ucode-intel-20210608-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20210608-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x"
        },
        "product_reference": "ucode-intel-20210608-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20210608-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        },
        "product_reference": "ucode-intel-20210608-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5715",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5715"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5715",
          "url": "https://www.suse.com/security/cve/CVE-2017-5715"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1068032 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1068032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074562 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074578 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074741 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074919 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074919"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075006 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075006"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075007 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075007"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075262 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075262"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075419 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076115 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1076115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076372 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1076372"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076606 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1076606"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1078353 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1078353"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1080039 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1080039"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087887 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1087887"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087939 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1087939"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1088147 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1088147"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089055 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1089055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091815 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1091815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1095735 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1095735"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102517 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1102517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105108 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1105108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126516 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1126516"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173489 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1173489"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201457 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1201457"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1201877"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203236 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1203236"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5715"
    },
    {
      "cve": "CVE-2018-12126",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12126"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12126",
          "url": "https://www.suse.com/security/cve/CVE-2018-12126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135524 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1135524"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149725 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149725"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149726 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149729 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1149729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12126",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12126"
    },
    {
      "cve": "CVE-2018-12130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12130",
          "url": "https://www.suse.com/security/cve/CVE-2018-12130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103186 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1103186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1111331 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1111331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135409 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1135409"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137916 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1137916"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1138534 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1138534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141977 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1141977"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-12130",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12130"
    },
    {
      "cve": "CVE-2018-3640",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3640"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3640",
          "url": "https://www.suse.com/security/cve/CVE-2018-3640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2018-3640",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087078 for CVE-2018-3640",
          "url": "https://bugzilla.suse.com/1087078"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087083 for CVE-2018-3640",
          "url": "https://bugzilla.suse.com/1087083"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1094912 for CVE-2018-3640",
          "url": "https://bugzilla.suse.com/1094912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1098813 for CVE-2018-3640",
          "url": "https://bugzilla.suse.com/1098813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100394 for CVE-2018-3640",
          "url": "https://bugzilla.suse.com/1100394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2018-3640",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175912 for CVE-2018-3640",
          "url": "https://bugzilla.suse.com/1175912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2018-3640",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-3640"
    },
    {
      "cve": "CVE-2019-11135",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11135"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11135",
          "url": "https://www.suse.com/security/cve/CVE-2019-11135"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1139073 for CVE-2019-11135",
          "url": "https://bugzilla.suse.com/1139073"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1152497 for CVE-2019-11135",
          "url": "https://bugzilla.suse.com/1152497"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1152505 for CVE-2019-11135",
          "url": "https://bugzilla.suse.com/1152505"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1152506 for CVE-2019-11135",
          "url": "https://bugzilla.suse.com/1152506"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160120 for CVE-2019-11135",
          "url": "https://bugzilla.suse.com/1160120"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2019-11135",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-11135"
    },
    {
      "cve": "CVE-2019-11139",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11139"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11139",
          "url": "https://www.suse.com/security/cve/CVE-2019-11139"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141035 for CVE-2019-11139",
          "url": "https://bugzilla.suse.com/1141035"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-11139"
    },
    {
      "cve": "CVE-2020-0543",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-0543"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-0543",
          "url": "https://www.suse.com/security/cve/CVE-2020-0543"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154824 for CVE-2020-0543",
          "url": "https://bugzilla.suse.com/1154824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172205 for CVE-2020-0543",
          "url": "https://bugzilla.suse.com/1172205"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172206 for CVE-2020-0543",
          "url": "https://bugzilla.suse.com/1172206"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172207 for CVE-2020-0543",
          "url": "https://bugzilla.suse.com/1172207"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172770 for CVE-2020-0543",
          "url": "https://bugzilla.suse.com/1172770"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2020-0543",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2020-0543",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-0543"
    },
    {
      "cve": "CVE-2020-0548",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-0548"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-0548",
          "url": "https://www.suse.com/security/cve/CVE-2020-0548"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1156353 for CVE-2020-0548",
          "url": "https://bugzilla.suse.com/1156353"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-0548"
    },
    {
      "cve": "CVE-2020-24489",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-24489"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-24489",
          "url": "https://www.suse.com/security/cve/CVE-2020-24489"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179839 for CVE-2020-24489",
          "url": "https://bugzilla.suse.com/1179839"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192359 for CVE-2020-24489",
          "url": "https://bugzilla.suse.com/1192359"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199300 for CVE-2020-24489",
          "url": "https://bugzilla.suse.com/1199300"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201731 for CVE-2020-24489",
          "url": "https://bugzilla.suse.com/1201731"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1225680 for CVE-2020-24489",
          "url": "https://bugzilla.suse.com/1225680"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-24489"
    },
    {
      "cve": "CVE-2020-24511",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-24511"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-24511",
          "url": "https://www.suse.com/security/cve/CVE-2020-24511"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179836 for CVE-2020-24511",
          "url": "https://bugzilla.suse.com/1179836"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192360 for CVE-2020-24511",
          "url": "https://bugzilla.suse.com/1192360"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199300 for CVE-2020-24511",
          "url": "https://bugzilla.suse.com/1199300"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201731 for CVE-2020-24511",
          "url": "https://bugzilla.suse.com/1201731"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-24511"
    },
    {
      "cve": "CVE-2020-24512",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-24512"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-24512",
          "url": "https://www.suse.com/security/cve/CVE-2020-24512"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179837 for CVE-2020-24512",
          "url": "https://bugzilla.suse.com/1179837"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192360 for CVE-2020-24512",
          "url": "https://bugzilla.suse.com/1192360"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199300 for CVE-2020-24512",
          "url": "https://bugzilla.suse.com/1199300"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201731 for CVE-2020-24512",
          "url": "https://bugzilla.suse.com/1201731"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2020-24512"
    },
    {
      "cve": "CVE-2020-24513",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-24513"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-24513",
          "url": "https://www.suse.com/security/cve/CVE-2020-24513"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179833 for CVE-2020-24513",
          "url": "https://bugzilla.suse.com/1179833"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192360 for CVE-2020-24513",
          "url": "https://bugzilla.suse.com/1192360"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199300 for CVE-2020-24513",
          "url": "https://bugzilla.suse.com/1199300"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201731 for CVE-2020-24513",
          "url": "https://bugzilla.suse.com/1201731"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-24513"
    },
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8696",
          "url": "https://www.suse.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173592 for CVE-2020-8696",
          "url": "https://bugzilla.suse.com/1173592"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
          "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.aarch64",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.ppc64le",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.s390x",
            "openSUSE Tumbleweed:ucode-intel-20210608-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "docker-24.0.7_ce-2.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the docker-24.0.7_ce-2.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13469",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13469-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12912 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12912/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8694 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      }
    ],
    "title": "docker-24.0.7_ce-2.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13469-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-2.1.aarch64",
                "product": {
                  "name": "docker-24.0.7_ce-2.1.aarch64",
                  "product_id": "docker-24.0.7_ce-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-bash-completion-24.0.7_ce-2.1.aarch64",
                "product": {
                  "name": "docker-bash-completion-24.0.7_ce-2.1.aarch64",
                  "product_id": "docker-bash-completion-24.0.7_ce-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-fish-completion-24.0.7_ce-2.1.aarch64",
                "product": {
                  "name": "docker-fish-completion-24.0.7_ce-2.1.aarch64",
                  "product_id": "docker-fish-completion-24.0.7_ce-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-rootless-extras-24.0.7_ce-2.1.aarch64",
                "product": {
                  "name": "docker-rootless-extras-24.0.7_ce-2.1.aarch64",
                  "product_id": "docker-rootless-extras-24.0.7_ce-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-zsh-completion-24.0.7_ce-2.1.aarch64",
                "product": {
                  "name": "docker-zsh-completion-24.0.7_ce-2.1.aarch64",
                  "product_id": "docker-zsh-completion-24.0.7_ce-2.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-2.1.ppc64le",
                "product": {
                  "name": "docker-24.0.7_ce-2.1.ppc64le",
                  "product_id": "docker-24.0.7_ce-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "docker-bash-completion-24.0.7_ce-2.1.ppc64le",
                "product": {
                  "name": "docker-bash-completion-24.0.7_ce-2.1.ppc64le",
                  "product_id": "docker-bash-completion-24.0.7_ce-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "docker-fish-completion-24.0.7_ce-2.1.ppc64le",
                "product": {
                  "name": "docker-fish-completion-24.0.7_ce-2.1.ppc64le",
                  "product_id": "docker-fish-completion-24.0.7_ce-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
                "product": {
                  "name": "docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
                  "product_id": "docker-rootless-extras-24.0.7_ce-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
                "product": {
                  "name": "docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
                  "product_id": "docker-zsh-completion-24.0.7_ce-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-2.1.s390x",
                "product": {
                  "name": "docker-24.0.7_ce-2.1.s390x",
                  "product_id": "docker-24.0.7_ce-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "docker-bash-completion-24.0.7_ce-2.1.s390x",
                "product": {
                  "name": "docker-bash-completion-24.0.7_ce-2.1.s390x",
                  "product_id": "docker-bash-completion-24.0.7_ce-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "docker-fish-completion-24.0.7_ce-2.1.s390x",
                "product": {
                  "name": "docker-fish-completion-24.0.7_ce-2.1.s390x",
                  "product_id": "docker-fish-completion-24.0.7_ce-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "docker-rootless-extras-24.0.7_ce-2.1.s390x",
                "product": {
                  "name": "docker-rootless-extras-24.0.7_ce-2.1.s390x",
                  "product_id": "docker-rootless-extras-24.0.7_ce-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "docker-zsh-completion-24.0.7_ce-2.1.s390x",
                "product": {
                  "name": "docker-zsh-completion-24.0.7_ce-2.1.s390x",
                  "product_id": "docker-zsh-completion-24.0.7_ce-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "docker-24.0.7_ce-2.1.x86_64",
                "product": {
                  "name": "docker-24.0.7_ce-2.1.x86_64",
                  "product_id": "docker-24.0.7_ce-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-bash-completion-24.0.7_ce-2.1.x86_64",
                "product": {
                  "name": "docker-bash-completion-24.0.7_ce-2.1.x86_64",
                  "product_id": "docker-bash-completion-24.0.7_ce-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-fish-completion-24.0.7_ce-2.1.x86_64",
                "product": {
                  "name": "docker-fish-completion-24.0.7_ce-2.1.x86_64",
                  "product_id": "docker-fish-completion-24.0.7_ce-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-rootless-extras-24.0.7_ce-2.1.x86_64",
                "product": {
                  "name": "docker-rootless-extras-24.0.7_ce-2.1.x86_64",
                  "product_id": "docker-rootless-extras-24.0.7_ce-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "docker-zsh-completion-24.0.7_ce-2.1.x86_64",
                "product": {
                  "name": "docker-zsh-completion-24.0.7_ce-2.1.x86_64",
                  "product_id": "docker-zsh-completion-24.0.7_ce-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64"
        },
        "product_reference": "docker-24.0.7_ce-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le"
        },
        "product_reference": "docker-24.0.7_ce-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x"
        },
        "product_reference": "docker-24.0.7_ce-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-24.0.7_ce-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64"
        },
        "product_reference": "docker-24.0.7_ce-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-bash-completion-24.0.7_ce-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64"
        },
        "product_reference": "docker-bash-completion-24.0.7_ce-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-fish-completion-24.0.7_ce-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64"
        },
        "product_reference": "docker-fish-completion-24.0.7_ce-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-rootless-extras-24.0.7_ce-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64"
        },
        "product_reference": "docker-rootless-extras-24.0.7_ce-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-rootless-extras-24.0.7_ce-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le"
        },
        "product_reference": "docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-rootless-extras-24.0.7_ce-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x"
        },
        "product_reference": "docker-rootless-extras-24.0.7_ce-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-rootless-extras-24.0.7_ce-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64"
        },
        "product_reference": "docker-rootless-extras-24.0.7_ce-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-zsh-completion-24.0.7_ce-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64"
        },
        "product_reference": "docker-zsh-completion-24.0.7_ce-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-zsh-completion-24.0.7_ce-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le"
        },
        "product_reference": "docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-zsh-completion-24.0.7_ce-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x"
        },
        "product_reference": "docker-zsh-completion-24.0.7_ce-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "docker-zsh-completion-24.0.7_ce-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
        },
        "product_reference": "docker-zsh-completion-24.0.7_ce-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12912",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12912"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potential vulnerability in the AMD extension to Linux \"hwmon\" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12912",
          "url": "https://www.suse.com/security/cve/CVE-2020-12912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178760 for CVE-2020-12912",
          "url": "https://bugzilla.suse.com/1178760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-12912"
    },
    {
      "cve": "CVE-2020-8694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8694",
          "url": "https://www.suse.com/security/cve/CVE-2020-8694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178700 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179661 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1179661"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x",
          "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-bash-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-fish-completion-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-rootless-extras-24.0.7_ce-2.1.x86_64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.aarch64",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.ppc64le",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.s390x",
            "openSUSE Tumbleweed:docker-zsh-completion-24.0.7_ce-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ucode-intel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ucode-intel fixes the following issues:\n\n- Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971)\n\n  - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms.\n\n- Updated Intel CPU Microcode to 20201110 official release.\n - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446)\n - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594)\n - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592)\n\n- Release notes:\n  - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html).\n  - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html).\n  - Update for functional issues. Refer to [Second Generation Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n  - Update for functional issues. Refer to [10th Gen Intel\u00ae Core\u2122 Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n  - Update for functional issues. Refer to [8th and 9th Gen Intel\u00ae Core\u2122 Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n  - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel\u00ae Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n  - Update for functional issues. Refer to [6th Gen Intel\u00ae Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n  - Update for functional issues. Refer to [Intel\u00ae Xeon\u00ae E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n  ### New Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | CPX-SP         | A1       | 06-55-0b/bf |          | 0700001e | Xeon Scalable Gen3\n  | LKF            | B2/B3    | 06-8a-01/10 |          | 00000028 | Core w/Hybrid Technology\n  | TGL            | B1       | 06-8c-01/80 |          | 00000068 | Core Gen11 Mobile\n  | CML-H          | R1       | 06-a5-02/20 |          | 000000e0 | Core Gen10 Mobile\n  | CML-S62        | G1       | 06-a5-03/22 |          | 000000e0 | Core Gen10\n  | CML-S102       | Q0       | 06-a5-05/22 |          | 000000e0 | Core Gen10\n  | CML-U62 V2     | K0       | 06-a6-01/80 |          | 000000e0 | Core Gen10 Mobile\n  \n  ### Updated Platforms\n  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products\n  |:---------------|:---------|:------------|:---------|:---------|:---------\n  | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3\n  | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKL-U23e       | K1       | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile\n  | SKX-SP         | B1       | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable\n  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable\n  | SKX-D          | M1       | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx\n  | CLX-SP         | B0       | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2\n  | CLX-SP         | B1       | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2\n  | APL            | D0       | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n  | APL            | E0       | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx\n  | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5\n  | GKL-R          | R0       | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n  | ICL-U/Y        | D1       | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile\n  | AML-Y22        | H0       | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile\n  | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile\n  | WHL-U          | W0       | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile\n  | AML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | CML-Y42        | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile\n  | WHL-U          | V0       | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile\n  | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6\n  | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E\n  | CFL-S          | B0       | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8\n  | CFL-H/S        | P0       | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9\n  | CFL-H          | R0       | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile\n  | CML-U62        | A0       | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-2075",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2075-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:2075-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JAVL7PXBHMY5MEXAKSQM6PTNW6CHJJC2/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:2075-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JAVL7PXBHMY5MEXAKSQM6PTNW6CHJJC2/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173592",
        "url": "https://bugzilla.suse.com/1173592"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173594",
        "url": "https://bugzilla.suse.com/1173594"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178971",
        "url": "https://bugzilla.suse.com/1178971"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8695 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8696 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8698 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8698/"
      }
    ],
    "title": "Security update for ucode-intel",
    "tracking": {
      "current_release_date": "2020-11-27T07:42:26Z",
      "generator": {
        "date": "2020-11-27T07:42:26Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:2075-1",
      "initial_release_date": "2020-11-27T07:42:26Z",
      "revision_history": [
        {
          "date": "2020-11-27T07:42:26Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ucode-intel-20201118-lp152.2.8.1.x86_64",
                "product": {
                  "name": "ucode-intel-20201118-lp152.2.8.1.x86_64",
                  "product_id": "ucode-intel-20201118-lp152.2.8.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ucode-intel-20201118-lp152.2.8.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
        },
        "product_reference": "ucode-intel-20201118-lp152.2.8.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8695",
          "url": "https://www.suse.com/security/cve/CVE-2020-8695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8695",
          "url": "https://bugzilla.suse.com/1178591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-27T07:42:26Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8695"
    },
    {
      "cve": "CVE-2020-8696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8696",
          "url": "https://www.suse.com/security/cve/CVE-2020-8696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173592 for CVE-2020-8696",
          "url": "https://bugzilla.suse.com/1173592"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-27T07:42:26Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8696"
    },
    {
      "cve": "CVE-2020-8698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8698",
          "url": "https://www.suse.com/security/cve/CVE-2020-8698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173594 for CVE-2020-8698",
          "url": "https://bugzilla.suse.com/1173594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:ucode-intel-20201118-lp152.2.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-27T07:42:26Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8698"
    }
  ]
}