Multiple vulnerabilities in Intel Xeon processors
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-21131 CVE-2022-21136 |
| CWE-ID | CWE-284 CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Intel Xeon Scalable Processors Hardware solutions / Other hardware appliances Intel Xeon D-2100 Processor Hardware solutions / Firmware 2nd Generation Intel Xeon Scalable Processors Hardware solutions / Firmware Intel Core i9 Hardware solutions / Firmware Intel Core 79xxX Hardware solutions / Firmware Intel Core 78xxX Hardware solutions / Firmware |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU63346
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21131
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. A local user can gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsIntel Xeon Scalable Processors: All versions
Intel Xeon D-2100 Processor: All versions
2nd Generation Intel Xeon Scalable Processors: All versions
Intel Core i9: All versions
Intel Core 79xxX: All versions
Intel Core 78xxX: All versions
CPE2.3- cpe:2.3:h:intel:intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_d-2100_processor:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:2nd_generation_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_79xxx:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_78xxx:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU63347
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21136
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local privileged user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Xeon Scalable Processors: All versions
Intel Xeon D-2100 Processor: All versions
Intel Core i9: All versions
Intel Core 79xxX: All versions
Intel Core 78xxX: All versions
CPE2.3- cpe:2.3:h:intel:intel_xeon_scalable_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_d-2100_processor:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_i9:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_79xxx:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_78xxx:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
