CVE-2022-24436
published 2022-06-15CVE-2022-24436: Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure…
PriorityP339medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
12.04%
95.6th percentile
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m7hv-7hvq-q3xx: Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information di
ghsa_unreviewed·2022-06-16
CVE-2022-24436 [MEDIUM] CWE-203 GHSA-m7hv-7hvq-q3xx: Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information di
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.
Red Hat
hw: cpu: cryptographic leaks via frequency scaling attacks(Intel)
vendor_redhat·2022-06-14·CVSS 6.5
CVE-2022-24436 [MEDIUM] CWE-1240 hw: cpu: cryptographic leaks via frequency scaling attacks(Intel)
hw: cpu: cryptographic leaks via frequency scaling attacks(Intel)
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.
A potential vulnerability in some Intel® processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
Mitigation: Currently, there is no mitigation for this flaw. Intel has provided some guidance to developers of Cryptographic software to harden their libraries and applications against Hertzbleed. More information is available in the official Intel and AMD security advisories linked at the bottom of this document.
A workload-independent workaround to mitigate Hertz
No detection rules found.
No public exploits indexed.
2022-06-15
Published