This security advisory describes one low risk vulnerability.
1) Information disclosure
Risk: Low
CVSSv3: 3.5 [CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24491
CWE-ID: CWE-200 - Information Exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to debug message contains addresses of memory transactions. A local administrator can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Software Guard Extensions (SGX): All versions
i7-1060G7: All versions
i7-1065G7: All versions
i5-1030G4: All versions
i5-1030G7: All versions
i5-1035G1: All versions
i5-1035G4: All versions
i5-1035G7: All versions
i3-1000G1: All versions
i3-1000G4: All versions
i3-1005G1: All versions
CPE
External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00455.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. ..
Support the originator by clicking the read the rest link below.
