CVE-2022-21166 — Incomplete Cleanup in Intel SGX Dcap

CWE-459 — Incomplete Cleanup16 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 59.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel XEN Intel SGX Dcap +5 more

Timeline

PublishedJun 15

Latest updateJul 28

Description

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDintel/sgx_psw< 2.16.100.3+1

▶NVDintel/sgx_sdk< 2.16.100.3+1

▶NVDintel/sgx_dcap< 1.14.100.3

▶Debianxen/xen< 4.14.5+24-g87d90d511c-1+3

▶Debianlinux/linux_kernel< 5.10.127-1+3

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 35, 36

Patches

Patch: www.openwall.com ↗Patch: www.intel.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

OSV

linux-oem-5.14 vulnerabilities↗2022-07-01

▶

CVEList

CVE-2022-21166: Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable in↗2022-06-15

▶

OSV

CVE-2022-21166: Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable in↗2022-06-15

▶

📋Vendor Advisories

Ubuntu

Intel Microcode vulnerabilities↗2022-07-28

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2022-07-21

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2022-07-13

▶

Ubuntu

Linux kernel vulnerabilities↗2022-07-07

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2022-07-01

▶