CVE-2022-21151
Published: 12 May 2022
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
From the Ubuntu Security Team
Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that some Intel processors improperly optimised security-critical code. A local attacker could possibly use this to expose sensitive information.
Priority
Status
Package | Release | Status |
---|---|---|
intel-microcode Launchpad, Ubuntu, Debian |
bionic |
Released
(3.20220510.0ubuntu0.18.04.1)
|
focal |
Released
(3.20220510.0ubuntu0.20.04.1)
|
|
impish |
Released
(3.20220510.0ubuntu0.21.10.1)
|
|
jammy |
Released
(3.20220510.0ubuntu0.22.04.1)
|
|
kinetic |
Released
(3.20220510.0ubuntu1)
|
|
trusty |
Ignored
(early microcode loading not allowed)
|
|
upstream |
Released
(3.20220510.1)
|
|
xenial |
Released
(3.20220510.0ubuntu0.16.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510
- https://ubuntu.com/security/notices/USN-5486-1
- https://ubuntu.com/security/notices/USN-5535-1
- https://www.cve.org/CVERecord?id=CVE-2022-21151
- NVD
- Launchpad
- Debian