CVE-2022-41804
Published: 8 August 2023
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
From the Ubuntu Security Team
It was discovered that some Intel(R) Xeon(R) Processors did not properly restrict error injection for Intel(R) SGX or Intel(R) TDX. A local privileged user could use this to further escalate their privileges.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
intel-microcode Launchpad, Ubuntu, Debian |
trusty |
Needs triage
|
| bionic |
Released
(3.20230808.0ubuntu0.18.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| focal |
Released
(3.20230808.0ubuntu0.20.04.1)
|
|
| jammy |
Released
(3.20230808.0ubuntu0.22.04.1)
|
|
| upstream |
Needs triage
|
|
| lunar |
Released
(3.20230808.0ubuntu1)
|
|
| xenial |
Released
(3.20230808.0ubuntu0.16.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.7 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |