6.8 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.7 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:M/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.4%
Software: microcode_ctl 2.1
OS: rosa-server79
package_evr_string: microcode_ctl-2.1-73.16.res7
CVE-ID: CVE-2022-21216
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Insufficient granularity in external management access control in some Intel® Atom and Intel Xeon scalable processors may allow a privileged user to potentially enable privilege escalation through access to a neighboring network.
CVE-STATUS: Fixed
CVE-REV: Run the yum update microcode_ctl command for closure
CVE-ID: CVE-2022-33196
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Incorrect default permissions in some memory controller configurations for some Intel® Xeon® processors when using Intel® Software Guard Extensions, which could allow a privileged user to potentially enable privilege escalation via local access.
CVE-STATUS: Fixed
CVE-REV: Run the yum update microcode_ctl command to close it
CVE-ID: CVE-2022-33972
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: An incorrect calculation in the microcode encryption mechanism for some 3rd generation Intel® Xeon® scalable processors could allow a privileged user to potentially enable information disclosure via local access.
CVE-STATUS: Fixed
CVE-REV: Run the yum update microcode_ctl command for closure
CVE-ID: CVE-2022-38090
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Improper isolation of shared resources on some Intel® processors when using Intel® Software Guard Extensions may allow a privileged user to potentially authorize information disclosure via local access.
CVE-STATUS: Fixed
CVE-REV: Run the yum update microcode_ctl command to close it
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
rosa | any | noarch | microcode_ctl | < 2.1 | UNKNOWN |
6.8 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.7 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:M/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.4%