Your submission was sent successfully! Close

CVE-2022-21233

Published: 9 August 2022

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

From the Ubuntu Security Team

Pietro Borrello, Andreas Kogler, Martin Schwarzl, Daniel Gruss, Michael Schwarz and Moritz Lipp discovered that some Intel processors did not properly clear data between subsequent xAPIC MMIO reads. This could allow a local attacker to compromise SGX enclaves.

Notes

AuthorNote
sbeattie
Intel TA-00657
only known impact is to compromise SGX
Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
intel-microcode
Launchpad, Ubuntu, Debian
bionic
Released (3.20220809.0ubuntu0.18.04.1)
focal
Released (3.20220809.0ubuntu0.20.04.1)
jammy
Released (3.20220809.0ubuntu0.22.04.1)
kinetic
Released (3.20220809.0ubuntu1)
trusty Needed

upstream Needs triage

xenial Needed