#VU64378 Observable discrepancy in Intel products - CVE-2022-24436

Cybersecurity Help s.r.o.

Published: 2022-06-14 | Updated: 2022-06-15

Vulnerability identifier: #VU64378

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-24436

CWE-ID: CWE-203

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Intel Xeon Processors
Hardware solutions / Firmware
Intel Pentium Processors
Hardware solutions / Firmware
Intel Celeron Processors
Hardware solutions / Firmware
Intel Atom Processors
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to observable discrepancy in power management throttling in Intel processors. A remote user can gain access to sensitive information.

The vulnerability is dubbed Hertzbleed.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Intel Xeon Processors: All versions

Intel Pentium Processors: All versions

Intel Celeron Processors: All versions

Intel Atom Processors: All versions

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Hertzbleed vulnerability in F5 F5OS on Intel processors

Hertzbleed vulnerability in F5 BIG-IQ Centralized Management on Intel processors

Hertzbleed vulnerability in F5 BIG-IP on Intel processors

Information disclosure in all Intel processors