PublicDateAtUSN: 2021-06-08
Candidate: CVE-2020-24512
CRD: 2021-06-08
PublicDate: 2021-06-09 19:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24512
 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
 https://ubuntu.com/security/notices/USN-4985-1
Description:
 Observable timing discrepancy in some Intel(R) Processors may allow an
 authenticated user to potentially enable information disclosure via local
 access.
Ubuntu-Description:
 Travis Downs discovered that some Intel processors did not properly flush
 cache-lines for trivial-data values. This may allow an unauthorized user to
 infer the presence of these trivial-data-cache-lines via timing sidechannel
 attacks. A local attacker could use this to expose sensitive information.
Notes: 
 sbeattie> INTEL-TA-00464
 sbeattie> no kernel component to this MCU update
Mitigation: 
Bugs: 
Priority: medium
Discovered-by: Travis Downs
Assigned-to: amurray
CVSS:
 intel: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N [2.8 LOW]
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [3.3 LOW]


Patches_intel-microcode:
upstream_intel-microcode: needs-triage
precise/esm_intel-microcode: DNE
trusty_intel-microcode: ignored (out of standard support)
trusty/esm_intel-microcode: released (3.20210608.0ubuntu0.14.04.1+esm1)
xenial_intel-microcode: ignored (end of standard support, was needs-triage)
esm-infra/xenial_intel-microcode: released (3.20210608.0ubuntu0.16.04.1+esm1)
bionic_intel-microcode: released (3.20210608.0ubuntu0.18.04.1)
focal_intel-microcode: released (3.20210608.0ubuntu0.20.04.1)
groovy_intel-microcode: released (3.20210608.0ubuntu0.20.10.1)
hirsute_intel-microcode: released (3.20210608.0ubuntu0.21.04.1)
impish_intel-microcode: released (3.20210608.0ubuntu1)
jammy_intel-microcode: released (3.20210608.0ubuntu1)
devel_intel-microcode: released (3.20210608.0ubuntu1)