CVE-2022-41804 — Unauthorized Error Injection Can Degrade Hardware Redundancy in Intel-microcode

CWE-1334 — Unauthorized Error Injection Can Degrade Hardware Redundancy8 documents7 sources

Severity

6.7MEDIUMNVD

OSV6.5

EPSS

0.0%

top 96.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Intel-microcode Debian Linux Fedoraproject Fedora

Timeline

PublishedAug 11

Latest updateAug 14

Description

Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

▶debiandebian/intel-microcode< intel-microcode 3.20230808.1~deb12u1 (bookworm)

Also affects: Debian Linux 11.0, 12.0, Fedora 38

🔴Vulnerability Details

OSV

intel-microcode vulnerabilities↗2023-08-14

▶

GHSA

GHSA-5vqh-8734-g6m4: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable es↗2023-08-11

▶

OSV

CVE-2022-41804: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable es↗2023-08-11

▶

📋Vendor Advisories

Ubuntu

Intel Microcode vulnerabilities↗2023-08-14

▶

Red Hat

hw: Intel: Unauthorized error injection in Intel SGX or Intel TDX↗2023-08-08

▶

Debian

CVE-2022-41804: intel-microcode - Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) X...↗2022

▶

💬Community

Bugzilla

CVE-2022-41804 hw: Intel: Unauthorized error injection in Intel SGX or Intel TDX↗2023-08-09

▶