CVE-2022-21127

CWE-459 | 9 documents | 8 sources
Severity: 5.5 MEDIUM
EPSS: 0.3% (top 48.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 15 | Latest update Jul 28

Description

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

CVEListV5 | intel(r)_processors | See references
NVD | intel/sgx_psw | < 2.16.100.3 +1
NVD | intel/sgx_sdk | < 2.16.100.3 +1
NVD | intel/sgx_dcap | < 1.14.100.3
Debian | intel-microcode | < 3.20220510.1~deb11u1 +3

Also affects: Debian Linux 10.0, 11.0

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-q9qj-gqmf-73c2: Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable inf | 2022-06-16
CVEList | CVE-2022-21127: Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable inf | 2022-06-15
OSV | CVE-2022-21127: Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable inf | 2022-06-15

📋 Vendor Advisories (5)

Ubuntu | Intel Microcode vulnerabilities | 2022-07-28
Ubuntu | Intel Microcode vulnerabilities | 2022-06-20
Red Hat | hw: cpu: Incomplete cleanup in specific special register read operations (aka SRBDS update) | 2022-06-14
Microsoft | Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | 2022-06-14
Debian | CVE-2022-21127: intel-microcode - Incomplete cleanup in specific special register read operations for some Intel(R... | 2022