Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00657
HistoryOct 19, 2022 - 12:00 a.m.

2022.2 IPU - Intel® Processor Advisory

2022-10-1900:00:00
Intel Security Center
www.intel.com
27
JSON

Summary:

A potential security vulnerability in some Intel® Processors may allow information disclosure.** **Intel is releasing firmware updates to address this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2022-21233

Description: Improper isolation of shared resources in some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products:

Consult this list of affected products here.

Recommendations:

Intel recommends that users of affected Intel® Processors update to the latest version firmware provided by the system manufacturer that addresses these issues. In addition, Intel will be releasing Intel® SGX SDK updates soon after public embargo is lifted.

Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public github repository. Please see details below on access to the microcode:

GitHub*: Public Github: <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files&gt;

For Intel® SGX customers, please note there is a known sighting that affects the patch installation recommendation for 3rd Generation Intel® Xeon® Scalable Processors, Codename Icelake-SP, further details and a workaround are available here.

Intel® SGX SDK Download Links:

Intel SGX TCB Recovery Plans:

To address this issue, an Intel SGX TCB Recovery is planned. Details can be found here.

Refer to Intel SGX Attestation Technical Details for more information on the Intel SGX TCB recovery process.

Further TCB Recovery Guidance for developers is available.

Acknowledgements:

Intel would like to thank Pietro Borrello from Sapienza University of Rome, Andreas Kogler, Martin Schwarzl, Daniel Gruss from Graz University of Technology, Michael Schwarz from CISPA Helmholtz Center for Information Security and Moritz Lipp from Amazon Web Services for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

mageia 1
openvas 12
suse 2
nessus 12
ubuntucve 1
debiancve 1
osv 3
ubuntu 1
cloudfoundry 1
amazon 2
fedora 2
cve 1
prion 1
redhatcve 1
veracode 1
alpinelinux 1
thn 1
redhat 2
rocky 1
centos 1
debian 1
ics 1
mageia
mageia
Updated microcode packages fix security vulnerability
2022-08-26 00:21:07
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0304)
2022-08-26 00:00:00
openSUSE: Security Advisory for ucode (SUSE-SU-2022:2960-2)
2024-03-04 00:00:00
Ubuntu: Security Advisory (USN-5612-1)
2022-09-16 00:00:00
suse
suse
Security update for ucode-intel (moderate)
2022-08-31 00:00:00
Security update for ucode-intel (moderate)
2022-09-01 00:00:00
nessus
nessus
SUSE SLES15 Security Update : ucode-intel (SUSE-SU-2022:2832-1)
2022-08-18 00:00:00
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2022:2838-1)
2022-08-20 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Intel Microcode vulnerability (USN-5612-1)
2022-09-15 00:00:00
ubuntucve
ubuntucve
CVE-2022-21233
2022-08-09 00:00:00
debiancve
debiancve
CVE-2022-21233
2022-08-18 20:15:00
osv
osv
intel-microcode vulnerability
2022-09-15 02:52:45
CVE-2022-21233
2022-08-18 20:15:10
intel-microcode - security update
2023-04-01 00:00:00
ubuntu
ubuntu
Intel Microcode vulnerability
2022-09-15 00:00:00
cloudfoundry
cloudfoundry
USN-5612-1: Intel Microcode vulnerability | Cloud Foundry
2022-09-22 00:00:00
amazon
amazon
Medium: microcode_ctl
2022-09-01 21:09:00
Medium: microcode_ctl
2022-09-01 21:09:00
fedora
fedora
[SECURITY] Fedora 36 Update: microcode_ctl-2.1-51.1.fc36
2022-08-12 01:42:44
[SECURITY] Fedora 35 Update: microcode_ctl-2.1-47.4.fc35
2022-08-18 02:22:04
cve
cve
CVE-2022-21233
2022-08-18 20:15:00
prion
prion
Design/Logic Flaw
2022-08-18 20:15:00
redhatcve
redhatcve
CVE-2022-21233
2022-08-09 18:37:31
veracode
veracode
Information Disclosure
2022-08-19 00:08:13
alpinelinux
alpinelinux
CVE-2022-21233
2022-08-18 20:15:00
thn
thn
ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
2022-08-16 14:58:00
redhat
redhat
(RHSA-2022:5939) Moderate: kernel-rt security and bug fix update
2022-08-09 09:27:49
(RHSA-2022:5937) Moderate: kernel security and bug fix update
2022-08-09 09:27:25
rocky
rocky
microcode_ctl bug fix and enhancement update
2022-11-02 13:51:49
centos
centos
bpftool, kernel, perf, python security update
2022-08-15 17:35:43
debian
debian
[SECURITY] [DLA 3379-1] intel-microcode security update
2023-04-01 09:13:22
ics
ics
Siemens SIMATIC S7-1500 TM MFP BIOS
2023-06-15 12:00:00
JSON
Related for INTEL:INTEL-SA-00657
mageia1openvas12suse2nessus12ubuntucve1debiancve1osv3ubuntu1cloudfoundry1amazon2fedora2cve1prion1redhatcve1veracode1alpinelinux1thn1redhat2rocky1centos1debian1ics1