Intel Security Center: INTEL-SA-00598

Mar 08, 2022 - 12:00 a.m.

Intel® Processor Advisory

Summary:

Potential security vulnerabilities in some Intel® Processors may allow information disclosure. Intel is releasing prescriptive guidance to address these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-0001

Description: Non-transparent sharing of branch predictor selectors between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVEID: CVE-2022-0002

Description: Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

Consult this list of affected products here.

Recommendations:

Intel recommends that affected Intel® Processors disable access to managed runtimes in privileged modes to help prevent managed runtimes from being used as disclosure gadgets, such as unprivileged extended Berkeley Packet Filter (eBPF) in kernel mode. Intel has worked with the Linux community to make this option available to all Linux users beginning in the Linux Kernel 5.16 stable version. This option is already available in some Linux distributions. System administrators and end users should check with their Linux vendor to determine the status of the operating system version they are using.
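One way to check a Linux host against this recommendation, as an added example that is not part of Intel's advisory: it reads the standard `kernel.unprivileged_bpf_disabled` sysctl and the kernel's `spectre_v2` status file. The function names and the optional `ROOT` prefix argument are hypothetical and exist only so the check can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: audit whether unprivileged eBPF is disabled on a Linux host.
# Function names and the ROOT prefix are hypothetical; the procfs/sysfs
# paths are the standard Linux locations.

# Map a kernel.unprivileged_bpf_disabled value to a verdict line.
classify_unpriv_bpf() {
    case "$1" in
        0) echo "EXPOSED: unprivileged eBPF is enabled" ;;
        1) echo "OK: unprivileged eBPF is disabled (locked until reboot)" ;;
        2) echo "OK: unprivileged eBPF is disabled (root may re-enable)" ;;
        *) echo "UNKNOWN: sysctl not readable or unexpected value '$1'" ;;
    esac
}

# audit_host [ROOT]: report the sysctl verdict and the kernel's own
# spectre_v2 status. Returns 0 only when unprivileged eBPF is disabled.
audit_host() {
    root="${1:-}"
    sysctl_file="$root/proc/sys/kernel/unprivileged_bpf_disabled"
    vuln_file="$root/sys/devices/system/cpu/vulnerabilities/spectre_v2"

    if [ -r "$sysctl_file" ]; then
        value=$(cat "$sysctl_file")
    else
        value="missing"
    fi
    classify_unpriv_bpf "$value"

    if [ -r "$vuln_file" ]; then
        echo "spectre_v2: $(cat "$vuln_file")"
    fi

    case "$value" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run against the live host only when asked to: sh script.sh --audit
# To disable at runtime (as root): sysctl -w kernel.unprivileged_bpf_disabled=1
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

A value of `1` cannot be changed back without a reboot, while `2` leaves the setting adjustable by an administrator; persist the chosen value through the distribution's sysctl configuration.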

Additional technical details can be found here.

Acknowledgements:

Intel would like to thank Pietro Frigo, Enrico Barberis, Marius Muench, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.