CVE-2022-21151
Published: 12 May 2022
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
From the Ubuntu security team
Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that some Intel processors improperly optimised security-critical code. A local attacker could possibly use this to expose sensitive information.
Priority
Medium
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
intel-microcode Launchpad, Ubuntu, Debian |
bionic |
Released
(3.20220510.0ubuntu0.18.04.1)
|
| focal |
Released
(3.20220510.0ubuntu0.20.04.1)
|
|
| impish |
Released
(3.20220510.0ubuntu0.21.10.1)
|
|
| jammy |
Released
(3.20220510.0ubuntu0.22.04.1)
|
|
| trusty |
Ignored
(early microcode loading not allowed)
|
|
| upstream |
Released
(3.20220510.1)
|
|
| xenial |
Released
(3.20220510.0ubuntu0.16.04.1+esm1)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21151
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510
- https://ubuntu.com/security/notices/USN-5486-1
- NVD
- Launchpad
- Debian