Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-8992

Summary
Assigner-Honor
Assigner Org ID-3836d913-7555-4dd0-a509-f5667fdf5fe4
Published At-26 Dec, 2024 | 11:28
Updated At-26 Dec, 2024 | 16:38
Rejected At-
Credits

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Honor
Assigner Org ID:3836d913-7555-4dd0-a509-f5667fdf5fe4
Published At:26 Dec, 2024 | 11:28
Updated At:26 Dec, 2024 | 16:38
Rejected At:
▼CVE Numbering Authority (CNA)

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Affected Products
Vendor
Honor Device Co., Ltd.Honor
Product
Magic OS
Default Status
unaffected
Versions
Affected
  • From 8.0 before 8.0.0.159 (custom)
Metrics
VersionBase scoreBase severityVector
3.14.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
ycmint working with ADLab of VenusTech
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.honor.com/global/security/cve-2024-8992/
N/A
Hyperlink: https://www.honor.com/global/security/cve-2024-8992/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-203CWE-203 Observable Discrepancy
Type: CWE
CWE ID: CWE-203
Description: CWE-203 Observable Discrepancy
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:3836d913-7555-4dd0-a509-f5667fdf5fe4
Published At:26 Dec, 2024 | 12:15
Updated At:05 Jun, 2025 | 15:42

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Honor Device Co., Ltd.
honor
>>magicos>>Versions from 8.0(inclusive) to 8.0.0.159(exclusive)
cpe:2.3:o:honor:magicos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-203Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-203
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.honor.com/global/security/cve-2024-8992/3836d913-7555-4dd0-a509-f5667fdf5fe4
Vendor Advisory
Hyperlink: https://www.honor.com/global/security/cve-2024-8992/
Source: 3836d913-7555-4dd0-a509-f5667fdf5fe4
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

112Records found
CVE-2019-10483
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.77%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwareapq8096_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632apq8096sdm439qcs404_firmwaremdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwareapq8076mdm9206sdm670_firmwareqcs404apq8076_firmwareipq8074sdm636sda845_firmwareapq8098mdm9205mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwareqca8081_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845sdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660apq8016_firmwaresdm630mdm9607_firmwaremsm8920_firmwaremdm9655_firmwareipq8074_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwareqca8081mdm9150msm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwareapq8016qm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017msm8996sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-47678
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.47%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 11:53
Updated-04 May, 2025 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
icmp: change the order of rate limits

In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits are not yet consumed. This is deferred to 3) 2) The per destination limit is checked/updated. This might add a new node in inetpeer tree. 3) icmp_global_consume() consumes tokens if prior operations succeeded. This means that host wide ratelimit is still effective in keeping inetpeer tree small even under DDOS. As a bonus, I removed icmp_global.lock as the fast path can use a lock-free operation.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-32926
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:02
Updated-22 Jul, 2025 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2018-3639
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-46.74% / 97.59%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 12:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Action-Not Available
Vendor-Debian GNU/LinuxMitel Networks Corp.Siemens AGIntel CorporationSonicWall Inc.Microsoft CorporationRed Hat, Inc.NVIDIA CorporationOracle CorporationCanonical Ltd.Arm Limited
Product-surface_proenterprise_linux_server_ausopenstackxeon_e3_1225_v3xeon_e5_2450lxeon_e5_1620_v3xeon_e5_1428lxeon_e5_1620_v4xeon_e3_1240l_v5windows_10xeon_e3_1270xeon_e3_1230l_v3xeon_e3_1225_v5xeon_e5_2643_v2simatic_ipc677c_firmwaresinumerik_tcu_30.3xeon_e3_1220l_v3itc1900_pro_firmwarexeon_e5_2450_v2simatic_ipc647cweb_application_firewallxeon_e5_2408l_v3xeon_e3_1240_v2xeon_e5_2609_v4simatic_ipc627catom_zxeon_e3_1265l_v2xeon_e3_1278l_v4xeon_e3_1240simatic_ipc547g_firmwarexeon_e3_1246_v3xeon_e5_2637itc1900_proxeon_e5_2448litc1500_pro_firmwaresimatic_ipc347esinema_remote_connect_firmwareitc1900jetson_tx1xeon_e3enterprise_linux_serverxeon_e5_2608l_v3xeon_e3_1501l_v6solarisxeon_e5_1650_v3xeon_e5_2430lsimatic_ipc677cxeon_e7xeon_e3_1240_v5xeon_e5_2428l_v3xeon_e5_2430l_v2xeon_e3_1280_v5simatic_ipc847dxeon_e5_2648l_v3simatic_ipc827cceleron_nxeon_e5_2428lxeon_e5_1660_v4itc1900_firmwarexeon_e5_2428l_v2simatic_ipc477exeon_e5_2407_v2simatic_field_pg_m4_firmwaresimatic_ipc427d_firmwarexeon_e5_2650_v2xeon_e3_1245_v3xeon_e3_1245xeon_e3_1225xeon_e5_2630l_v3xeon_e3_1275_v2xeon_e5_2620_v3cortex-axeon_e3_1241_v3simatic_ipc427e_firmwareitc2200_pro_firmwaresimatic_ipc647d_firmwarexeon_platinummivoice_connectxeon_e5_1680_v4xeon_e5_2628l_v3xeon_e5_2430xeon_e5_2643_v3xeon_e5_1428l_v2xeon_e3_1240l_v3sinumerik_tcu_30.3_firmwarexeon_e3_1285l_v4secure_mobile_accessitc2200xeon_e3_1230_v6local_service_management_systemxeon_e5_2643_v4xeon_e5_2620xeon_e3_1285_v6xeon_e5_2418lxeon_e3_1275_v5xeon_e3_1286_v3xeon_e3_1268l_v5xeon_e3_1290xeon_e5_2448l_v2xeon_e5_1650_v4xeon_e5_2630l_v4simatic_ipc677dsinumerik_840_d_sl_firmwarexeon_e5_2403_v2virtualization_managerxeon_e3_1268l_v3simatic_ipc477d_firmwarexeon_e3_1285_v3xeon_e5_2450xeon_e5_2623_v3xeon_e5_2650l_v3simatic_field_pg_m5xeon_e3_1501m_v6mivoice_businessxeon_e3_1265l_v4simatic_ipc477e_firmwaresimatic_ipc847c_firmwaresimatic_et_200_sp_firmwaresimatic_ipc477e_proatom_csimatic_ipc827datom_esimatic_et_200_spxeon_e5_1660xeon_e5_2618l_v3surface_pro_with_lte_advancedxeon_e5_2618l_v2xeon_e3_1280_v3simatic_ipc627dxeon_e3_12201_v2xeon_e3_1270_v2xeon_e5xeon_e3_1280simatic_s7-1500xeon_e5_2628l_v4xeon_e5_2640_v3xeon_e3_1270_v3simatic_ipc3000_smart_firmwarexeon_e5_2608l_v4xeon_e5_2650enterprise_linux_eusxeon_e3_1265l_v3xeon_e5_1650_v2cloud_global_management_systemxeon_e5_2609xeon_e3_1260l_v5xeon_e5_2650lvirtualizationxeon_e5_2418l_v2xeon_e3_1225_v6xeon_e5_2640sinumerik_840_d_slruggedcom_ape_firmwareatom_x5-e3930simatic_ipc547gsimatic_ipc847cxeon_e3_1285_v4atom_x7-e3950xeon_e5_2630l_v2simatic_ipc477e_pro_firmwaremicollabxeon_e5_2403xeon_e3_1260lxeon_e5_2438l_v3xeon_e3_12201pentiumsimatic_s7-1500_firmwarexeon_e3_1220_v6xeon_e3_1230_v2xeon_e5_1680_v3xeon_e5_1630_v3simatic_ipc647c_firmwareenterprise_linux_workstationxeon_e3_1235xeon_e3_1281_v3xeon_e5_1428l_v3simatic_ipc477c_firmwaresimotion_p320-4e_firmwarexeon_e5_2648lsimatic_ipc347e_firmwarexeon_e3_1276_v3xeon_silverxeon_e5_1620_v2xeon_e5_2630_v2itc2200_firmwaremivoic_mx-onecore_i7xeon_e-1105cxeon_e5_2630lxeon_e5_2643simatic_ipc827c_firmwaresimotion_p320-4exeon_e3_1275l_v3debian_linuxitc1500xeon_e3_1105c_v2xeon_e5_2637_v2itc1500_proxeon_e3_1245_v5xeon_e5_2430_v2xeon_e5_2640_v4xeon_e5_2648l_v2windows_server_2008itc2200_prosimatic_ipc677d_firmwarexeon_e3_1230_v3xeon_e3_1226_v3xeon_e5_2637_v3ruggedcom_apesimatic_ipc547e_firmwarexeon_e3_1245_v6xeon_e5_2420_v2core_i3xeon_e3_1505m_v5mivoice_border_gatewayxeon_e5_2620_v4simatic_ipc827d_firmwarecore_i5xeon_e3_1235l_v5surface_studioxeon_e5_1660_v3celeron_jxeon_e3_1505l_v5xeon_e3_1230simatic_ipc427c_firmwarexeon_e5_2630_v4pentium_jxeon_e3_1275_v6xeon_e3_1285l_v3xeon_e5_1620atom_x5-e3940simatic_ipc427exeon_e5_2640_v2simatic_ipc477dsimatic_ipc427dxeon_e5_2609_v2simatic_itp1000_firmwarexeon_e5_1630_v4xeon_e5_2407xeon_e3_1220_v3windows_7xeon_e3_1280_v6pentium_silversimatic_ipc3000_smartenterprise_linux_server_tussimatic_ipc547exeon_e5_2618l_v4xeon_e3_1275_v3xeon_e3_1505l_v6ubuntu_linuxwindows_8.1xeon_e3_1240_v6global_management_systemxeon_e5_2620_v2xeon_e3_1270_v5itc1500_firmwaresinema_remote_connectsurfacexeon_e5_2450l_v2simatic_ipc627c_firmwaremivoice_5000xeon_e5_2609_v3xeon_e3_1220_v5xeon_e5_2603xeon_e5_2630_v3simatic_itp1000core_mxeon_e5_2650l_v2enterprise_linux_desktopxeon_e3_1231_v3simatic_ipc427cxeon_e3_1280_v2xeon_e5_1650xeon_e5_2470enterprise_linuxxeon_goldsimatic_ipc647dxeon_e5_2603_v3xeon_e3_1286l_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarexeon_e5_2603_v2open_integration_gatewayxeon_e3_1290_v2xeon_e5_2603_v4xeon_e3_1220_v2xeon_e3_1270_v6simatic_ipc477cwindows_server_2012sinumerik_pcu_50.5windows_server_2016xeon_e3_1225_v2jetson_tx2xeon_e3_1271_v3surface_bookxeon_e5_2623_v4xeon_e3_1230_v5xeon_e5_2440simatic_ipc627d_firmwarexeon_e5_2440_v2mrg_realtimexeon_e3_1258l_v4xeon_e5_2650_v4sonicosvxeon_e5_2418l_v3sinumerik_pcu_50.5_firmwarexeon_e5_2628l_v2micloud_management_portalxeon_e5_2470_v2simatic_field_pg_m4xeon_e3_1245_v2xeon_e5_2637_v4struxureware_data_center_expertxeon_e5_2650_v3xeon_e3_1240_v3xeon_e5_2648l_v4xeon_e5_1660_v2email_securityxeon_e5_2630xeon_e5_2420xeon_e3_1125c_v2Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-23170
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.26%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Action-Not Available
Vendor-n/aArm Limited
Product-mbed_tlsn/a
CWE ID-CWE-385
Covert Timing Channel
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-1543
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.03% / 7.71%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 22:43
Updated-04 Sep, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AES T-Table sub-cache-line leakage

The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500

Action-Not Available
Vendor-wolfsslwolfSSLwolfssl
Product-wolfsslwolfSSLwolfcrypt
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-54476
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-19 Dec, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-50102
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.92%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 17:10
Updated-04 May, 2025 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
x86: fix user address masking non-canonical speculation issue

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user space or kernel space ends up with the good old "leak speculative data" if you have the right gadget using the result: CVE-2020-12965 “Transient Execution of Non-Canonical Accesses“ Now, the kernel surrounds the access with a STAC/CLAC pair, and those instructions end up serializing execution on older Zen architectures, which closes the speculation window. But that was true only up until Zen 5, which renames the AC bit [1]. That improves performance of STAC/CLAC a lot, but also means that the speculation window is now open. Note that this affects not just the new address masking, but also the regular valid_user_address() check used by access_ok(), and the asm version of the sign bit check in the get_user() helpers. It does not affect put_user() or clear_user() variants, since there's no speculative result to be used in a gadget for those operations.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-33149
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.27%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_processors_firmwareatom_processors_firmwarexeon_phi_processors_firmwareitanium_processorspentium_processorsceleron_processorsatom_processorsquark_soc_firmwarecore_processorsceleron_processors_firmwarequark_socitanium_processors_firmwarecore_processors_firmwarexeon_phi_processorsxeon_processorspentium_processors_firmwareIntel(R) Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-0975
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 15:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180104273

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-1009
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.74%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-189858128

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-8695
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 35.28%
||
7 Day CHG-0.03%
Published-12 Nov, 2020 | 18:03
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationFedora ProjectDebian GNU/Linux
Product-xeon_e3-1501m_firmwarepentium_g4500_firmwarepentium_silver_n5000_firmwareceleron_3955u_firmwarexeon_e3-1235lpentium_4415ycore_i3-6300core_i5-1035g7core_i3-6100e_firmwarepentium_gold_g5420xeon_e-2124g_firmwarecore_i7-9700kfpentium_gold_g5420t_firmwarecore_i5-8305g_firmwarecore_i5-7500_firmwarecore_i5-8400hceleron_g3940pentium_gold_g5420_firmwarecore_i5-7y54xeon_e3-1535m_firmwarecore_i7-1060g7_firmwarecore_i3-7007u_firmwarecore_i7-6650u_firmwarecore_i9-9900kfpentium_g4400tceleron_g3920t_firmwarepentium_gold_g5400tcore_i3-10100f_firmwarexeon_e3-1268lcore_i7-8670core_i5-1035g4core_i3-8145ucore_i7-6822eqcore_i5-7210u_firmwarecore_i7-6700tecore_i3-7020ucore_i7-6567u_firmwarecore_i3-8109uxeon_e3-1565l_firmwarecore_i7-7600ucore_i5-9400f_firmwarecore_i5-7y57_firmwarecore_i3-6100t_firmwarecore_i3-7100e_firmwarecore_i3-7100exeon_e3-1275_firmwarecore_i5-6442eq_firmwarecore_i5-8269u_firmwarexeon_e-2278gexeon_e3-1268l_firmwarexeon_e-2134_firmwarecore_i5-6287u_firmwarexeon_e3-1578l_firmwarecore_m5-6y54core_i5-6600kceleron_n4100core_i3-7120t_firmwareceleron_g3940_firmwarecore_i7-7600u_firmwarepentium_g4520_firmwarecore_i5-8400bcore_i7-10610u_firmwarepentium_g4420core_i7-10710u_firmwarecore_i7-7820hkcore_i5-6500te_firmwarecore_i5-8550core_i5-8400h_firmwareceleron_n4120core_i7-6970hqcore_i5-7500ucore_i3-6120tceleron_3865u_firmwarecore_i5-8600xeon_e3-1225xeon_e-2136celeron_g3930tecore_i7-9700kcore_i5-9400_firmwarecore_i7-8500y_firmwareceleron_3865ucore_i3-8100core_i7-1060g7core_i7-7740x_firmwarecore_i9-10900xeon_e3-1545mpentium_g4520t_firmwarecore_m7-6y75xeon_e3-1270_firmwarecore_i5-6600t_firmwareceleron_g4900tcore_m3-6y30fedoraceleron_3855u_firmwarecore_4205ucore_i5-7287u_firmwarecore_i7-7700celeron_g3900te_firmwarecore_i7-7820hq_firmwarecore_i3-7102ecore_i7-7920hq_firmwarecore_i5-8600kxeon_e-2124_firmwarecore_i7-8700k_firmwarecore_i7-8700_firmwarexeon_e3-1220core_i7-8750hceleron_g3900_firmwarecore_i5-8365ucore_i5-9600kfcore_i5-8500b_firmwarepentium_4410ycore_i3-7100u_firmwarecore_i5-7600core_i3-6100h_firmwarexeon_e-2286mcore_i5-1030g4_firmwarecore_i7-10750hcore_i3-7120_firmwarecore_i7-7820eq_firmwarecore_i5-8550_firmwarecore_i3-8300core_i3-1000g4xeon_e-2186gcore_i5-7267u_firmwarecore_i5-7400tpentium_4415y_firmwarexeon_e3-1535mxeon_e3-1505m_firmwarexeon_e-2174gcore_i7-8809gceleron_j4105core_i5-7260ucore_i7-8700bcore_i5-8420_firmwarecore_i3-8000t_firmwarecore_i7-7500u_firmwarecore_i5-7267ucore_i3-8020_firmwarecore_i7-7820hk_firmwarecore_i9-9900kf_firmwarecore_i7-6560uxeon_e3-1505lpentium_g4420tcore_i5-8300hcore_i5-8600t_firmwarecore_i5-6600_firmwareceleron_j4125_firmwarepentium_gold_g5500tpentium_g4400_firmwarecore_i7-8510y_firmwarexeon_e3-1565lcore_i3-7110u_firmwarecore_i5-7300u_firmwarecore_i5-8600_firmwarecore_i5-9600kf_firmwarexeon_e3-1260lcore_i7-7510u_firmwarecore_i7-9750hfceleron_g4920core_i5-9300h_firmwarecore_i3-6167upentium_silver_j5005xeon_e-2278gelcore_i5-8400b_firmwarecore_i7-6700t_firmwarecore_i3-8100_firmwarecore_i7-7740xxeon_e3-1240_firmwarecore_i7-6500ucore_i3-7110ucore_i7-6500u_firmwarecore_i3-8120celeron_g3902exeon_e-2124core_i9-9880hcore_i5-7287ucore_i7-10710ucore_i5-8500t_firmwarexeon_e3-1558ldebian_linuxcore_i3-7100h_firmwarecore_i5-8300h_firmwarexeon_e-2136_firmwarecore_i5-6300ucore_i7-8565ucore_i5-7300hq_firmwarexeon_e3-1245core_i5-7300hqcore_i7-7560ucore_i7-8706g_firmwarecore_i5-6600k_firmwarepentium_gold_g5420tcore_i3-6110u_firmwarecore_i3-6100hcore_i5-7400t_firmwarecore_i5-6200u_firmwarecore_i3-8100t_firmwarecore_i5-8259upentium_gold_g5500xeon_e-2146g_firmwarecore_i8350kcore_i7-8850h_firmwarecore_m7-6y75_firmwarecore_i7-6700hqpentium_g4500t_firmwarecore_i7-9700kf_firmwarecore_i7-9850h_firmwarecore_i5-6350hqxeon_e3-1515m_firmwarecore_i7-6660u_firmwarecore_i5-7600tcore_i3-6100te_firmwarecore_i5-6350hq_firmwarexeon_e-2278g_firmwarecore_i7-7500ucore_i7-8550ucore_i3-6120_firmwarexeon_e3-1505mcore_i5-6310u_firmwareceleron_j4025core_i5-8310y_firmwarecore_i5-6400_firmwarecore_i7-6650ucore_i5-9300hcore_i5-6210uxeon_e3-1240core_i9-10900_firmwarecore_i7-8559u_firmwarecore_i7-10610ucore_i5-1035g1_firmwarecore_i7-8665u_firmwarexeon_e-2176g_firmwarecore_i3-6100tcore_i7-8500ycore_i5-9400hcore_i7-7567uxeon_e3-1240l_firmwareceleron_g3900e_firmwarecore_i3-8145u_firmwarepentium_4405u_firmwarecore_i3-7367ucore_i3-7340_firmwarecore_i7-7660u_firmwarecore_i7-7820hqcore_i5-6260u_firmwarecore_i5-8210yceleron_g3920tcore_i7-8750h_firmwarecore_i3-6100ecore_i3-8300t_firmwarecore_i3-8109u_firmwarecore_i5-7400_firmwarexeon_e3-1280xeon_e3-1260l_firmwareceleron_3955ucore_i7-9700k_firmwarexeon_e-2288g_firmwareceleron_n4000core_i5-7y54_firmwarepentium_4405y_firmwarecore_i7-6567uxeon_e-2176m_firmwarexeon_e-2174g_firmwarecore_i3-7101ecore_i9-8950hk_firmwarecore_i5-8500core_i7-6870hq_firmwarecore_i3-8000_firmwarecore_i5-7600_firmwarecore_i7-7510ucore_i8130ucore_i7-8510ycore_i5-6267u_firmwarecore_i5-8265ucore_i3-7007ucore_i5-6300hqcore_i3-6110ucore_i5-6440hqcore_i7-7y75pentium_gold_g5400t_firmwarecore_i7-7560u_firmwarecore_i7-6700core_i5-7y57celeron_g3920_firmwarexeon_e-2486g_firmwarepentium_silver_j5040core_i5-7500tcore_i5-9600k_firmwarepentium_gold_g5500_firmwarecore_i8350k_firmwarepentium_gold_g5600celeron_j4125core_i3-6102e_firmwarexeon_e3-1230_firmwarecore_i7-7700kcore_i7-8705gpentium_g4540_firmwarecore_i7-8665ucore_i3-8300tcore_i7-7660ucore_i7-6600ucore_i3-6100u_firmwarecore_i3-8120_firmwarecore_i7-8706gcore_i9-9880h_firmwarecore_i7-8700t_firmwarexeon_e-2126g_firmwarecore_i5-6310ucore_i5-7500u_firmwarecore_i7-8700core_i5-8259u_firmwarexeon_e3-1501lcore_i3-6300tcore_i3-7130u_firmwarecore_i5-8400core_i3-6120core_i7-8705g_firmwarecore_i7-7700tcore_i5-7260u_firmwarepentium_gold_g5500t_firmwarecore_i7-6600u_firmwarecore_i5-7600k_firmwarecore_i7-6770hqcore_i7-8700kxeon_e-2486gcore_i5-7200u_firmwarecore_i5-8600k_firmwarecore_i5-7442eqxeon_e-2134xeon_e3-1545m_firmwarepentium_g4500txeon_e3-1515mcore_i5-1030g7core_i5-7442eq_firmwarexeon_e-2144g_firmwarecore_i3-1000g1core_i5-7360u_firmwarecore_i5-8210y_firmwarecore_i5-6442eqcore_i5-8420tcore_i5-9600kceleron_g3900core_i3-6300_firmwarecore_i7-7700hqceleron_g4900t_firmwarecore_i3-8100hxeon_e3-1225_firmwarecore_i7-6870hqpentium_g4500core_i5-8350ucore_i3-1005g1_firmwareceleron_n4000_firmwarecore_i3-6320t_firmwarecore_i5-7300ucore_i5-6440hq_firmwarecore_m3-6y30_firmwarepentium_4415u_firmwarecore_i5-8500tceleron_3965y_firmwarecore_i5-7500core_i5-6400core_i5-7200upentium_g4540core_i5-8350u_firmwarecore_i7-8700b_firmwareceleron_g3930ecore_i9-8950hkpentium_g4520pentium_4405ucore_i7-6820hq_firmwarecore_i3-6320_firmwarecore_i7-7920hqxeon_e3-1575m_firmwarepentium_g4400t_firmwarepentium_gold_g5600_firmwarecore_i5-8400tcore_i3-6100_firmwarexeon_e3-1578lcore_i5-8420core_i7-8670tceleron_j4105_firmwarecore_i7-6660ucore_i7-10750h_firmwarexeon_e3-1240lceleron_3965uceleron_g4920_firmwarepentium_silver_n5000core_i3-6120t_firmwarecore_i5-6500_firmwarecore_i3-7100hcore_i3-7101te_firmwarexeon_e3-1220_firmwarecore_i5-6500t_firmwarexeon_e3-1501l_firmwarecore_i9-9900kxeon_e-2176gpentium_gold_g5400_firmwarecore_i3-6320tcore_i7-8709gcore_i7-7y75_firmwarecore_i5-8200y_firmwarecore_i7-8550u_firmwareceleron_j4025_firmwarecore_i5-1035g7_firmwarepentium_silver_j5040_firmwarecore_i3-7120pentium_g4420t_firmwarecore_i5-6287ucore_i5-7640x_firmwarecore_i5-9400core_m3-8100y_firmwarecore_i3-8100tpentium_4415ucore_i5-6500tcore_i5-6260ucore_i3-7120tcore_i7-6700k_firmwarecore_i5-8650k_firmwarexeon_e-2278ge_firmwarecore_i5-7500t_firmwarecore_i7-8700tcore_i7-6820hk_firmwarecore_i7-6820hqcore_i5-7400xeon_e3-1501mcore_i7-8650ucore_i3-7102e_firmwarexeon_e3-1585_firmwarecore_m3-7y30_firmwarexeon_e3-1245_firmwarexeon_e-2286m_firmwarecore_i5-6600core_i7-6700tcore_i7-6920hqcore_i3-6167u_firmwarexeon_e3-1585core_i3-6100ucore_i7-6700_firmwarecore_i3-7320t_firmwarepentium_g4400tecore_i5-1035g1pentium_silver_n5030xeon_e3-1280_firmwarecore_i7-6510u_firmwarecore_i7-8565u_firmwarecore_i7-6822eq_firmwarexeon_e-2186g_firmwarecore_i8130u_firmwarecore_i5-1035g4_firmwarecore_i5-8500bxeon_e-2124gcore_i5-7600t_firmwarecore_i5-8269ucore_i5-7440hq_firmwarecore_i5-1030g4xeon_e-2288gcore_i5-6300hq_firmwarecore_i7-8709g_firmwarepentium_g4520tceleron_3965u_firmwareceleron_g3930e_firmwarecore_5405u_firmwarecore_i7-9850hcore_i5-9400fcore_i7-6700kcore_i3-8000core_i3-6320celeron_n4100_firmwarecore_i3-7320tcore_i5-7440eqcore_i7-6820eq_firmwarepentium_4410y_firmwarepentium_silver_j5005_firmwareceleron_g3900tcore_i3-8000tceleron_g3920core_i5-6400tcore_i3-7100ucore_i3-7101tecore_i5-7600kcore_m5-6y57core_i5-8250ucore_i3-1000g4_firmwarecore_5405uxeon_e-2126gcore_i7-6920hq_firmwarecore_i7-7820eqxeon_e3-1275core_i5-7360ucore_i5-6500core_i3-7340core_i7-8650u_firmwarexeon_e3-1235l_firmwarecore_i5-6200ucore_i7-8670t_firmwarecore_m3-8100ycore_i9-9900k_firmwarecore_i7-7700k_firmwarecore_i7-6700hq_firmwarecore_i5-8650_firmwarecore_i5-8250u_firmwareceleron_n4120_firmwarecore_i7-7567u_firmwareceleron_g3902e_firmwarecore_i5-8400_firmwarecore_i7-8670_firmwarexeon_e-2176mcore_i7-6970hq_firmwarecore_i7-7700hq_firmwarecore_i7-6820hkpentium_g4400core_i5-7440eq_firmwarecore_i3-1000g1_firmwarecore_i7-9750hf_firmwarecore_i5-8400t_firmwarecore_i5-6400t_firmwarecore_i3-6102ecore_i5-8365u_firmwarecore_i7-6700te_firmwarecore_i5-6600tpentium_g4420_firmwarecore_i3-8020core_i7-6510upentium_silver_n5030_firmwarecore_i5-6360u_firmwarecore_i3-8100h_firmwarexeon_e-2278gcore_i7-8850hcore_i5-7210ucore_i3-7130uceleron_j4005_firmwarecore_i5-8265u_firmwarecore_i3-10100fcore_i7-6560u_firmwarecore_i3-8300_firmwarecore_i7-6820eqcore_i7-1065g7_firmwareceleron_g3930te_firmwarexeon_e3-1558l_firmwarecore_i5-8650core_i5-6500tecore_m3-7y30core_4205u_firmwarecore_i5-8500_firmwarecore_i5-6210u_firmwareceleron_n4020_firmwarecore_i5-6300u_firmwarecore_i7-8809g_firmwarexeon_e3-1575mxeon_e3-1230core_i7-7700t_firmwarecore_i9-9980hk_firmwareceleron_g4900core_i5-9400h_firmwarecore_i5-1030g7_firmwarepentium_4405ycore_i5-8420t_firmwarecore_i5-8200ypentium_gold_g5400celeron_g3900t_firmwarecore_i3-6100core_i5-8310ycore_i5-7640xceleron_n4020celeron_g4900_firmwarexeon_e-2278gel_firmwarecore_i5-7440hqxeon_e-2144gcore_i5-6360ucore_m5-6y54_firmwarexeon_e3-1505l_firmwarecore_i3-6300t_firmwarecore_m5-6y57_firmwarecore_i5-8650kceleron_g3900ecore_i7-7700_firmwarecore_i7-6770hq_firmwarecore_i5-6267uceleron_3965ypentium_g4400te_firmwareceleron_g3900tecore_i3-1005g1celeron_j4005core_i3-7020u_firmwarecore_i3-7101e_firmwareceleron_3855ucore_i5-6440eqcore_i3-7367u_firmwarecore_i5-6440eq_firmwarecore_i5-8600tcore_i7-1065g7core_i5-8305gcore_i9-9980hkcore_i7-8559uxeon_e-2146gcore_i3-6100texeon_e3-1270xeon_e3-1585l_firmwarexeon_e3-1585lIntel(R) Processors
CWE ID-CWE-203
Observable Discrepancy
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found