CVE-2020-4788

moderate-risk
Published 2020-11-20

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

Do I need to act?

-
0.20% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10 Medium
LOCAL / HIGH complexity

Affected Products (14)

Aix
Aix
Aix
Aix
Aix
Aix

Affected Vendors

Ibm Oracle Fedoraproject

References (14)

Mailing List http://www.openwall.com/lists/oss-security/2020/11/20/3
Mailing List http://www.openwall.com/lists/oss-security/2020/11/23/1
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/189296
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Patch https://www.ibm.com/support/pages/node/6370729
Patch https://www.oracle.com/security-alerts/cpujul2022.html
Mailing List http://www.openwall.com/lists/oss-security/2020/11/20/3
Mailing List http://www.openwall.com/lists/oss-security/2020/11/23/1
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/189296
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Patch https://www.ibm.com/support/pages/node/6370729
Patch https://www.oracle.com/security-alerts/cpujul2022.html
31
/ 100
moderate-risk
Severity 12/34 · Low
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate