CVE-2022-21125

Description

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Related CPE's

oxenxen******x86*

ofedoraprojectfedora35*******

ofedoraprojectfedora36*******

aintelsgx_dcap*****linux**

aintelsgx_dcap*****windows**

aintelsgx_psw*****linux**

aintelsgx_psw*****windows**

aintelsgx_sdk*****linux**

aintelsgx_sdk*****windows**

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html

PatchVendor Advisory

[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities

Mailing ListPatchThird Party Advisory

http://xenbits.xen.org/xsa/advisory-404.html

PatchThird Party Advisory

FEDORA-2022-391e24517d

Mailing ListThird Party Advisory

FEDORA-2022-177a008b98

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220624-0008/

Third Party Advisory

FEDORA-2022-925fc688c1

[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

2.0999999046325684

VectorString

AV:L/AC:L/Au:N/C:P/I:N/A:N

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io