CVE-2020-8696

Description

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

How to fix CVE-2020-8696

To remediate CVE-2020-8696, upgrade the affected package to a fixed version below.

Debian/intel-microcode—upgrade to 3.20201110.1 or later

Is CVE-2020-8696 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.20201110.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-8696