CVE-2020-13844

{"id": "CVE-2020-13844", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-06-08T23:15:10.047", "references": [{"url": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\""}, {"lang": "es", "value": "Las implementaciones principales de Arm Armv8-A, que usan la ejecuci\u00f3n especulativa m\u00e1s all\u00e1 de los cambios incondicionales en el flujo de control pueden permitir una divulgaci\u00f3n no autorizada de informaci\u00f3n a un atacante con acceso de usuario local por medio de un an\u00e1lisis de canal lateral, tambi\u00e9n se conoce como \"straight-line speculation.\""}], "lastModified": "2024-11-21T05:01:59.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a32_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A2DAFCD-0C51-412A-9CC9-F55112A93958"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "049894EE-B2FB-45D9-A372-098F169075AB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a35_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75367522-84C2-4E5C-8A4C-1CA351D152E6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a35:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1CA84F9-EC36-4A57-BABC-8E74770D5327"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a53_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35B01CAB-2DD1-47D5-A331-B6C7A658C5D5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a53:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9FF65826-F828-421F-8009-5AA5D25387E6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68D895EC-B0A9-4292-AC64-60673F72C765"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38768B2B-F1A3-4A76-8716-9520CA075F3D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7173A6DC-4D4E-424C-A922-C16D67627834"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a34_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54C5AF1F-673C-4AB6-98B4-53407C1A88EA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a34:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "075E31EF-1A88-4B29-99A4-475942FF5C7B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}