CVE-2022-40982

Description

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.73%• Percentile: 73%

Techniques & Countermeasures

• CWE-1342•Information Exposure through Microarchitectural State after Transient Execution

  The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.

• CWE-203•Observable Discrepancy

  The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

Affected Systems

• debian•debian_linux

  10.0 | 11.0 | 12.0

• intel•celeron_5205u_firmware

  na

• intel•celeron_5305u_firmware

  na

• intel•celeron_g4900_firmware

  na

• intel•celeron_g4900t_firmware

  na

• intel•celeron_g4920_firmware

  na

• intel•celeron_g5900_firmware

  na

• intel•celeron_g5900t_firmware

  na

• intel•celeron_g5905_firmware

  na

• intel•celeron_g5905t_firmware

  na

• intel•celeron_g5920_firmware

  na

• intel•celeron_g5925_firmware

  na

• intel•core_i3-1000g1_firmware

  na

• intel•core_i3-1000g4_firmware

  na

• intel•core_i3-1005g1_firmware

  na

• intel•core_i3-10100_firmware

  na

• intel•core_i3-10100f_firmware

  na

• intel•core_i3-10100t_firmware

  na

• intel•core_i3-10100y_firmware

  na

• intel•core_i3-10105_firmware

  na

• intel•core_i3-10105f_firmware

  na

• intel•core_i3-10105t_firmware

  na

• intel•core_i3-10110u_firmware

  na

• intel•core_i3-10110y_firmware

  na

• intel•core_i3-10300_firmware

  na

• intel•core_i3-10300t_firmware

  na

• intel•core_i3-10305_firmware

  na

• intel•core_i3-10305t_firmware

  na

• intel•core_i3-10320_firmware

  na

• intel•core_i3-10325_firmware

  na

• intel•core_i3-11100he_firmware

  na

• intel•core_i3-1110g4_firmware

  na

• intel•core_i3-1115g4_firmware

  na

• intel•core_i3-1115g4e_firmware

  na

• intel•core_i3-1115gre_firmware

  na

• intel•core_i3-1120g4_firmware

  na

• intel•core_i3-1125g4_firmware

  na

• intel•core_i3-7020u_firmware

  na

• intel•core_i3-7100_firmware

  na

• intel•core_i3-7100e_firmware

  na

• intel•core_i3-7100t_firmware

  na

• intel•core_i3-7100u_firmware

  na

• intel•core_i3-7101e_firmware

  na

• intel•core_i3-7101te_firmware

  na

• intel•core_i3-7102e_firmware

  na

• intel•core_i3-7120_firmware

  na

• intel•core_i3-7120t_firmware

  na

• intel•core_i3-7167u_firmware

  na

• intel•core_i3-7300_firmware

  na

• intel•core_i3-7300t_firmware

  na

Showing first 50 affected entries in server-rendered view.

References (15)

• http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
• https://downfall.page
• https://aws.amazon.com/security/security-bulletins/AWS-2023-007/
• https://access.redhat.com/solutions/7027704
• https://xenbits.xen.org/xsa/advisory-435.html
• https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html
• https://security.netapp.com/advisory/ntap-20230811-0001/
• https://www.debian.org/security/2023/dsa-5474
• https://www.debian.org/security/2023/dsa-5475
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/
• https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/
• http://xenbits.xen.org/xsa/advisory-435.html