Intel® Processors MMIO Undefined Access Advisory

Summary:

A potential security vulnerability in Memory Mapped I/O (MMIO) for some 14nm Client/Xeon E3 Intel® Processors may allow a denial of service in certain virtualized environments.

Vulnerability Details:

CVEID: CVE-2022-21180

Description: Improper input validation for some Intel® Processors may allow an authenticated user to potentially cause a denial of service via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

Some 14nm Client/Xeon E3 Intel® Processors, see full list:

<https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html&gt;

Recommendations:

Intel recommends that users of affected Intel® Processors update to the latest Virtual Machine Monitor provided by the VMM or OS provider that addresses these issues.

Acknowledgements:

This issue was found internally by Intel employees. Intel would like to thank Ke Sun, Alan Miller, Shlomi Alkalay, Robert Jones, and Ezra Caltum.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.