Lucene search

F5F5:K95204515

HistoryJun 07, 2022 - 12:00 a.m.

K95204515 : Intel CPU vulnerability CVE-2022-21151

2022-06-0700:00:00

my.f5.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

13.7%

JSON

Security Advisory Description

Processor optimization removal or modification of security-critical code for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21151)

Impact

This vulnerability may allow an authenticated user to potentially enable information disclosure by way of local access.

The following platforms are vulnerable:

r10900
r10800
r10600
r5900
r5800
r5600

For more information, refer to K86001294: F5OS hardware/software support matrix.

All versions of Virtual Edition (VE) for the BIG-IP and BIG-IQ products are potentially impacted if the processors underlying the VE installations are affected. Microcode updates from Intel are available to address this issue but must be applied at the hardware level, which is outside the scope of the ability of F5 to support or patch.

CPENameOperatorVersion
big-ip next spkeq1.5.0
big-ip aameq13.1.0
big-ip aameq13.1.1
big-ip aameq13.1.3
big-ip aameq13.1.4
big-ip aameq13.1.5
big-ip aameq14.1.0
big-ip aameq14.1.2
big-ip aameq14.1.3
big-ip aameq14.1.4

Name	Operator	Version
big-ip next spk	eq	1.5.0
big-ip aam	eq	13.1.0
big-ip aam	eq	13.1.1
big-ip aam	eq	13.1.3
big-ip aam	eq	13.1.4
big-ip aam	eq	13.1.5
big-ip aam	eq	14.1.0
big-ip aam	eq	14.1.2
big-ip aam	eq	14.1.3
big-ip aam	eq	14.1.4