Lucene search

K
intelIntel Security CenterINTEL:INTEL-SA-00645
HistoryJun 17, 2022 - 12:00 a.m.

Intel® Processors MMIO Undefined Access Advisory

2022-06-1700:00:00
Intel Security Center
www.intel.com
39
intel processors
mmio
memory mapped i/o
security vulnerability
denial of service
14nm client
xeon e3
cve-2022-21180
input validation
virtualized environments
cvss score
affected products
update recommendations
acknowledgements
coordinated disclosure

EPSS

0

Percentile

12.6%

Summary:

A potential security vulnerability in Memory Mapped I/O (MMIO) for some 14nm Client/Xeon E3 Intel® Processors may allow a denial of service in certain virtualized environments.

Vulnerability Details:

CVEID: CVE-2022-21180

Description: Improper input validation for some Intel® Processors may allow an authenticated user to potentially cause a denial of service via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

Some 14nm Client/Xeon E3 Intel® Processors, see full list:

<https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html&gt;

Recommendations:

Intel recommends that users of affected Intel® Processors update to the latest Virtual Machine Monitor provided by the VMM or OS provider that addresses these issues.

Acknowledgements:

This issue was found internally by Intel employees. Intel would like to thank Ke Sun, Alan Miller, Shlomi Alkalay, Robert Jones, and Ezra Caltum.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

EPSS

0

Percentile

12.6%