CVE-2020-13844

Description

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

References

Link	Tags
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	vendor advisory
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions	vendor advisory
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation	vendor advisory
https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html	third party advisory patch
http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html	third party advisory mailing list
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html	mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html	mailing list third party advisory vendor advisory

Frequently Asked Questions

What is the severity of CVE-2020-13844?: CVE-2020-13844 has been scored as a medium severity vulnerability.
How to fix CVE-2020-13844?: To fix CVE-2020-13844, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-13844 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-13844 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-203 – Observable Discrepancy

References

Frequently Asked Questions