Lucene search

[email protected]CVE-2022-21127

HistoryJun 15, 2022 - 8:15 p.m.

CVE-2022-21127

2022-06-1520:15:17

CWE-459

[email protected]

web.nvd.nist.gov

183

cve-2022-21127

intel processor

information disclosure

local access

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

14.1%

JSON

Incomplete cleanup in specific special register read operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

Affected configurations

NVD

Node

xenxenx86

Node

intelsgx_dcapRange<1.14.100.3linux

intelsgx_dcapRange<1.14.100.3windows

intelsgx_pswRange<2.16.100.3windows

intelsgx_pswRange<2.17.100.3linux

intelsgx_sdkRange<2.16.100.3windows

intelsgx_sdkRange<2.17.100.3linux

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

CPENameOperatorVersion
xen:xenxeneq*

CPE	Name	Operator	Version
xen:xen	xen	eq	*

CNA Affected

[
  {
    "product": "Intel(R) Processors",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "See references"
      }
    ]
  }
]