Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5535-1
HistoryJul 28, 2022 - 12:00 a.m.

Intel Microcode vulnerabilities

2022-07-2800:00:00
ubuntu.com
38

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

27.6%

JSON

Releases

  • Ubuntu 16.04 ESM

Packages

  • intel-microcode - Processor microcode for Intel CPUs

Details

Joseph Nuzman discovered that some Intel processors did not properly
initialise shared resources. A local attacker could use this to obtain
sensitive information. (CVE-2021-0145)

Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel
processors did not prevent test and debug logic from being activated at
runtime. A local attacker could use this to escalate
privileges. (CVE-2021-0146)

It was discovered that some Intel processors did not implement sufficient
control flow management. A local attacker could use this to cause a denial
of service (system crash). (CVE-2021-0127)

It was discovered that some Intel processors did not completely perform
cleanup actions on multi-core shared buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21123,
CVE-2022-21127)

It was discovered that some Intel processors did not completely perform
cleanup actions on microarchitectural fill buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21125)

Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that
some Intel processors improperly optimised security-critical code. A local
attacker could possibly use this to expose sensitive
information. (CVE-2022-21151)

It was discovered that some Intel processors did not properly perform
cleanup during specific special register write operations. A local attacker
could possibly use this to expose sensitive information. (CVE-2022-21166)

It was discovered that some Intel processors did not properly restrict
access in some situations. A local attacker could use this to obtain
sensitive information. (CVE-2021-33117)

Brandon Miller discovered that some Intel processors did not properly
restrict access in some situations. A local attacker could use this to
obtain sensitive information or a remote attacker could use this to
cause a denial of service (system crash). (CVE-2021-33120)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchintel-microcode< 3.20220510.0ubuntu0.16.04.1+esm1UNKNOWN
Ubuntu16.04noarchintel-microcode< 3.20210216.0ubuntu0.16.04.1UNKNOWN

Related

nessus 60
ubuntu 4
osv 14
openvas 26
cloudfoundry 1
debian 2
suse 2
mageia 3
hp 1
oraclelinux 11
mscve 2
intel 5
malwarebytes 1
rocky 4
almalinux 3
f5 3
citrix 1
vmware 1
xen 1
redhat 12
fedora 3
ibm 1
amazon 3
gentoo 1
centos 1
prion 4
cve 4
redhatcve 6
ubuntucve 6
veracode 5
debiancve 6
alpinelinux 2
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Intel Microcode vulnerabilities (USN-5486-1)
2022-06-20 00:00:00
Ubuntu 16.04 ESM : Intel Microcode vulnerabilities (USN-5535-1)
2022-07-28 00:00:00
Debian DSA-5178-1 : intel-microcode - security update
2022-07-07 00:00:00
ubuntu
ubuntu
Intel Microcode vulnerabilities
2022-06-20 00:00:00
Linux kernel (OEM) vulnerabilities
2022-07-01 00:00:00
Linux kernel vulnerabilities
2022-06-17 00:00:00
osv
osv
Intel Microcode vulnerabilities
2022-07-28 05:31:23
intel-microcode vulnerabilities
2022-06-20 04:21:50
intel-microcode - security update
2022-07-06 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5535-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-5486-1)
2022-06-21 00:00:00
Debian: Security Advisory (DSA-5178-1)
2022-07-08 00:00:00
cloudfoundry
cloudfoundry
USN-5486-1: Intel Microcode vulnerabilities | Cloud Foundry
2022-06-30 00:00:00
debian
debian
[SECURITY] [DSA 5178-1] intel-microcode security update
2022-07-06 13:12:52
[SECURITY] [DSA 5184-1] xen security update
2022-07-15 18:05:47
suse
suse
Security update for ucode-intel (important)
2022-02-25 00:00:00
Security update for ucode-intel (moderate)
2022-05-18 00:00:00
mageia
mageia
Updated microcode packages fix security vulnerabilities
2022-02-15 23:50:31
Updated kernel packages fix security vulnerabilities
2022-06-29 19:18:17
Updated kernel-linus packages fix security vulnerabilities
2022-06-29 19:18:17
hp
hp
Intel® Processors June 2022 Security Update
2022-06-14 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2022-06-14 00:00:00
Unbreakable Enterprise kernel-container security update
2022-06-15 00:00:00
Unbreakable Enterprise kernel security update
2022-06-14 00:00:00
mscve
mscve
Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities
2022-06-14 07:00:00
Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)
2022-06-14 07:00:00
intel
intel
Intel® Processors MMIO Stale Data Advisory
2022-10-19 00:00:00
3rd Generation Intel® Xeon® Scalable Processors Advisory
2022-10-19 00:00:00
2021.2 IPU - Intel Atom® Processor Advisory
2022-02-08 00:00:00
malwarebytes
malwarebytes
Intel CPU vulnerabilities fixed. But should you update?
2023-03-06 07:00:00
rocky
rocky
microcode_ctl bug fix and enhancement update
2022-04-26 13:49:11
kernel-rt security and bug fix update
2022-09-13 07:36:33
kernel security, bug fix, and enhancement update
2022-09-13 07:37:13
almalinux
almalinux
microcode_ctl bug fix and enhancement update
2022-04-26 13:49:11
Moderate: kernel security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: kernel-rt security and bug fix update
2022-09-13 00:00:00
f5
f5
K04808933 : Intel Processors MMIO Stale Data Advisory vulnerabilities CVE-2022-21123, CVE-2022-21125, and CVE-2022-21127
2022-07-18 00:00:00
K29421535 : Intel processor vulnerability CVE-2021-33117
2022-06-07 00:00:00
K95204515 : Intel CPU vulnerability CVE-2022-21151
2022-06-07 00:00:00
citrix
citrix
Citrix Hypervisor Security Update
2022-06-23 20:06:39
vmware
vmware
VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)
2022-06-14 00:00:00
xen
xen
x86: MMIO Stale Data vulnerabilities
2022-06-14 18:21:00
redhat
redhat
(RHSA-2022:6460) Moderate: kernel security, bug fix, and enhancement update
2022-09-13 07:37:13
(RHSA-2022:6437) Moderate: kernel-rt security and bug fix update
2022-09-13 07:36:33
(RHSA-2022:7279) Important: kernel security and bug fix update
2022-11-01 14:04:32
fedora
fedora
[SECURITY] Fedora 36 Update: xen-4.16.1-4.fc36
2022-07-01 01:09:33
[SECURITY] Fedora 36 Update: kernel-5.18.5-200.fc36
2022-06-17 01:16:22
[SECURITY] Fedora 35 Update: kernel-5.18.5-100.fc35
2022-06-18 01:45:12
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Intel Processors affect IBM Cloud Pak System
2023-03-31 15:06:36
amazon
amazon
Medium: microcode_ctl
2022-05-31 23:50:00
Medium: microcode_ctl
2022-06-30 23:38:00
Important: microcode_ctl
2022-03-07 23:34:00
gentoo
gentoo
intel-microcode: Multiple Vulnerabilities
2024-02-19 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2022-08-15 17:35:43
prion
prion
Improper access control
2022-05-12 17:15:00
Design/Logic Flaw
2022-02-09 23:15:00
Information disclosure
2022-05-12 17:15:00
cve
cve
CVE-2021-33117
2022-05-12 17:15:00
CVE-2022-21151
2022-05-12 17:15:00
CVE-2021-33120
2022-02-09 23:15:00
redhatcve
redhatcve
CVE-2021-33117
2022-05-16 14:31:12
CVE-2021-33120
2022-02-08 19:09:38
CVE-2022-21151
2022-05-16 14:44:20
ubuntucve
ubuntucve
CVE-2021-33117
2022-05-12 00:00:00
CVE-2022-21151
2022-05-12 00:00:00
CVE-2021-33120
2022-02-09 00:00:00
veracode
veracode
Information Disclosure
2022-05-14 02:48:57
Denial Of Service (DoS)
2022-02-26 01:20:43
Information Disclosure
2022-05-13 08:59:12
debiancve
debiancve
CVE-2021-33117
2022-05-12 17:15:00
CVE-2021-33120
2022-02-09 23:15:00
CVE-2022-21151
2022-05-12 17:15:00
alpinelinux
alpinelinux
CVE-2022-21151
2022-05-12 17:15:00
CVE-2022-21127
2022-06-15 20:15:00

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

27.6%

JSON
Related for USN-5535-1
nessus60ubuntu4osv14openvas26cloudfoundry1debian2suse2mageia3hp1oraclelinux11mscve2intel5malwarebytes1rocky4almalinux3f53citrix1vmware1xen1redhat12fedora3ibm1amazon3gentoo1centos1prion4cve4redhatcve6ubuntucve6veracode5debiancve6alpinelinux2