CVE-2022-21125

CWE-45916 documents9 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 52.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Intel SGX DcapIntel SGX PSWIntel SGX SDK+3 more
Timeline
PublishedJun 15
Latest updateJul 28

Description

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5intel(r)_processorsSee references
NVDintel/sgx_psw< 2.16.100.3+1
NVDintel/sgx_sdk< 2.16.100.3+1
NVDintel/sgx_dcap< 1.14.100.3
Debianintel-microcode< 3.20220510.1~deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 35, 36

Patches

Patch: www.openwall.comPatch: xenbits.xen.orgPatch: www.intel.com

🔴Vulnerability Details

4
OSV
linux-oem-5.14 vulnerabilities2022-07-01
GHSA
GHSA-wwff-24hj-g6pw: Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information di2022-06-16
CVEList
CVE-2022-21125: Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information di2022-06-15
OSV
CVE-2022-21125: Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information di2022-06-15

📋Vendor Advisories

11
Ubuntu
Intel Microcode vulnerabilities2022-07-28
Ubuntu
Linux kernel (OEM) vulnerabilities2022-07-21
Ubuntu
Linux kernel (AWS) vulnerabilities2022-07-13
Ubuntu
Linux kernel vulnerabilities2022-07-07
Ubuntu
Linux kernel (OEM) vulnerabilities2022-07-01
CVE-2022-21125 (MEDIUM CVSS 5.5) | Incomplete cleanup of microarchitec | cvebase.io