CVE-2022-21123

CWE-45920 documents10 sources
Severity
5.5MEDIUM
EPSS
0.5%
top 36.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Intel SGX DcapIntel SGX PSWIntel SGX SDK+3 more
Timeline
PublishedJun 15
Latest updateOct 15

Description

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5intel(r)_processorsSee references
NVDintel/sgx_psw< 2.16.100.3+1
NVDintel/sgx_sdk< 2.16.100.3+1
NVDintel/sgx_dcap< 1.14.100.3
Debianintel-microcode< 3.20220510.1~deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 35, 36

Patches

Patch: www.openwall.comPatch: www.intel.comPatch: www.openwall.com

🔴Vulnerability Details

6
OSV
linux-oem-5.14 vulnerabilities2022-07-01
OSV
linux, linux-aws, linux-aws-hwe, linux-aws-5.13, linux-aws-5.4, linux-azure, linux-azure-4.15, linux-azure-5.13, linux-azure-5.4, linux-azure-fde, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gcp-2022-06-17
GHSA
GHSA-4jx7-c67v-r2v7: Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclos2022-06-16
OSV
linux vulnerabilities2022-06-16
OSV
CVE-2022-21123: Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclos2022-06-15

📋Vendor Advisories

13
Oracle
Oracle Oracle Communications Risk Matrix: Platform (Microcode Controller) — CVE-2022-211232022-10-15
Ubuntu
Intel Microcode vulnerabilities2022-07-28
Ubuntu
Linux kernel (OEM) vulnerabilities2022-07-21
Ubuntu
Linux kernel (AWS) vulnerabilities2022-07-13
Ubuntu
Linux kernel vulnerabilities2022-07-07
CVE-2022-21123 (MEDIUM CVSS 5.5) | Incomplete cleanup of multi-core sh | cvebase.io