CVE-2021-0145
Published: 9 February 2022
Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
From the Ubuntu Security Team
Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. This may allow a local attacker to obtain sensitive information.
Priority
Status
Package | Release | Status |
---|---|---|
intel-microcode Launchpad, Ubuntu, Debian |
bionic |
Released
(3.20220510.0ubuntu0.18.04.1)
|
focal |
Released
(3.20220510.0ubuntu0.20.04.1)
|
|
impish |
Released
(3.20220510.0ubuntu0.21.10.1)
|
|
jammy |
Released
(3.20220510.0ubuntu0.22.04.1)
|
|
kinetic |
Released
(3.20220207.1ubuntu1)
|
|
trusty |
Ignored
(early microcode loading not allowed)
|
|
upstream |
Released
(3.20220207.1)
|
|
xenial |
Released
(3.20220510.0ubuntu0.16.04.1+esm1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0145
- https://access.redhat.com/security/cve/CVE-2021-0145
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00561.html
- https://ubuntu.com/security/notices/USN-5486-1
- https://ubuntu.com/security/notices/USN-5535-1
- NVD
- Launchpad
- Debian