CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
EPSS
Percentile
13.2%
Medium
Canonical Ubuntu
Erik C. Bjorge discovered that some Intel® Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. (CVE-2022-21216) Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel® Xeon® Processors used incorrect default permissions in some memory controller configurations when using Intel® Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges. (CVE-2022-33196) It was discovered that some 3rd Generation Intel® Xeon® Scalable Processors did not properly calculate microkey keying. This may allow a privileged local user to potentially disclose information. (CVE-2022-33972) Joseph Nuzman discovered that some Intel® Processors when using Intel® Software Guard Extensions did not properly isolate shared resources. This may allow a privileged local user to potentially disclose information. (CVE-2022-38090) Update Instructions: Run sudo pro fix USN-5886-1
to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode – 3.20230214.0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro
CVEs contained in this USN include: CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
2023-04-20: Initial vulnerability report published.