{
  "threat_severity" : "Moderate",
  "public_date" : "2020-11-10T13:55:00Z",
  "bugzilla" : {
    "description" : "hw: Vector Register Leakage-Active",
    "id" : "1890355",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1890355"
  },
  "cvss3" : {
    "cvss3_base_score" : "2.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-212",
  "details" : [ "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state." ],
  "acknowledgement" : "Red Hat would like to thank Intel for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-11-11T00:00:00Z",
    "advisory" : "RHSA-2020:5084",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "microcode_ctl-2:1.17-33.31.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.5 Advanced Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5189",
    "cpe" : "cpe:/o:redhat:rhel_aus:6.5",
    "package" : "microcode_ctl-2:1.17-17.34.el6_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.6 Advanced Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5184",
    "cpe" : "cpe:/o:redhat:rhel_aus:6.6",
    "package" : "microcode_ctl-2:1.17-19.32.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0623",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "microcode_ctl-2:2.1-73.8.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-11-11T00:00:00Z",
    "advisory" : "RHSA-2020:5083",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "microcode_ctl-2:2.1-73.2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-08-09T00:00:00Z",
    "advisory" : "RHSA-2021:3028",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "microcode_ctl-2:2.1-73.11.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0627",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "microcode_ctl-2:2.1-12.36.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5188",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "microcode_ctl-2:2.1-12.34.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3323",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "microcode_ctl-2:2.1-12.39.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0622",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "microcode_ctl-2:2.1-16.39.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5183",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "microcode_ctl-2:2.1-16.37.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3322",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "microcode_ctl-2:2.1-16.42.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Telco Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5183",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.3",
    "package" : "microcode_ctl-2:2.1-16.37.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5183",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.3",
    "package" : "microcode_ctl-2:2.1-16.37.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0628",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "microcode_ctl-2:2.1-22.38.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5182",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "microcode_ctl-2:2.1-22.36.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2021-08-24T00:00:00Z",
    "advisory" : "RHSA-2021:3255",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "microcode_ctl-2:2.1-22.41.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0628",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "microcode_ctl-2:2.1-22.38.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5182",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "microcode_ctl-2:2.1-22.36.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2021-08-24T00:00:00Z",
    "advisory" : "RHSA-2021:3255",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "microcode_ctl-2:2.1-22.41.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0628",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "microcode_ctl-2:2.1-22.38.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5182",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "microcode_ctl-2:2.1-22.36.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2021-08-24T00:00:00Z",
    "advisory" : "RHSA-2021:3255",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "microcode_ctl-2:2.1-22.41.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3317",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.6",
    "package" : "microcode_ctl-2:2.1-47.23.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0626",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "microcode_ctl-2:2.1-47.20.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5181",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "microcode_ctl-2:2.1-47.18.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3317",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.6",
    "package" : "microcode_ctl-2:2.1-47.23.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3317",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "microcode_ctl-2:2.1-47.23.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0625",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "microcode_ctl-2:2.1-53.15.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5190",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "microcode_ctl-2:2.1-53.13.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2021-08-10T00:00:00Z",
    "advisory" : "RHSA-2021:3029",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "microcode_ctl-2:2.1-53.18.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0621",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20200609-2.20210216.1.el8_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-11T00:00:00Z",
    "advisory" : "RHSA-2020:5085",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20200609-2.20201027.1.el8_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-09T00:00:00Z",
    "advisory" : "RHSA-2021:3027",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20210216-1.20210608.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5186",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.0",
    "package" : "microcode_ctl-4:20180807a-2.20201112.1.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0624",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "microcode_ctl-4:20190618-1.20210216.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2020-12-08T00:00:00Z",
    "advisory" : "RHSA-2020:5369",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "microcode_ctl-4:20190618-1.20201112.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-08-17T00:00:00Z",
    "advisory" : "RHSA-2021:3176",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "microcode_ctl-4:20190618-1.20210608.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-02-22T00:00:00Z",
    "advisory" : "RHBA-2021:0629",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "microcode_ctl-4:20191115-4.20210216.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2020-11-23T00:00:00Z",
    "advisory" : "RHSA-2020:5185",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "microcode_ctl-4:20191115-4.20201112.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3364",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "microcode_ctl-4:20191115-4.20210608.1.el8_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-8696\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8696\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html" ],
  "name" : "CVE-2020-8696",
  "csaw" : false
}