cvelistv5 - cve-2022-24436

CVE-2022-24436 (GCVE-0-2022-24436)

Vulnerability from cvelistv5 – Published: 2022-06-15 20:08 – Updated: 2025-05-05 16:24

Summary

Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

information disclosure

Assigner

intel

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2022062…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:13:55.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220624-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-24436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:20:33.956066Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:24:02.814Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": " information disclosure ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:06:34.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220624-0007/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2022-24436",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Processors",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See references"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": " information disclosure "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220624-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220624-0007/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2022-24436",
    "datePublished": "2022-06-15T20:08:51.000Z",
    "dateReserved": "2022-02-18T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:24:02.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89CBE93C-BB36-4F26-9F73-554C9BB8E131\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.\"}, {\"lang\": \"es\", \"value\": \"Un comportamiento observable en la regulaci\\u00f3n de la administraci\\u00f3n de la energ\\u00eda para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente una divulgaci\\u00f3n de informaci\\u00f3n por medio del acceso a la red\"}]",
      "id": "CVE-2022-24436",
      "lastModified": "2024-11-21T06:50:25.057",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-06-15T21:15:09.293",
      "references": "[{\"url\": \"https://security.netapp.com/advisory/ntap-20220624-0007/\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220624-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24436\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2022-06-15T21:15:09.293\",\"lastModified\":\"2025-05-05T17:18:00.383\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.\"},{\"lang\":\"es\",\"value\":\"Un comportamiento observable en la regulaci\u00f3n de la administraci\u00f3n de la energ\u00eda para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio del acceso a la red\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89CBE93C-BB36-4F26-9F73-554C9BB8E131\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20220624-0007/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220624-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220624-0007/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:13:55.437Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24436\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:20:33.956066Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"CWE-203 Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:10:52.654Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"See references\"}]}], \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220624-0007/\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \" information disclosure \"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2022-06-24T15:06:34.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"See references\"}]}, \"product_name\": \"Intel(R) Processors\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220624-0007/\", \"name\": \"https://security.netapp.com/advisory/ntap-20220624-0007/\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \" information disclosure \"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-24436\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@intel.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-24436\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-05T16:24:02.814Z\", \"dateReserved\": \"2022-02-18T00:00:00.000Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2022-06-15T20:08:51.000Z\", \"assignerShortName\": \"intel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2022-24436

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

Aliases

CVE-2022-24436

Aliases

CVE-2022-24436

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-24436",
    "description": "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.",
    "id": "GSD-2022-24436",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-24436.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24436"
      ],
      "details": "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.",
      "id": "GSD-2022-24436",
      "modified": "2023-12-13T01:19:42.634377Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2022-24436",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) Processors",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "See references"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": " information disclosure "
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20220624-0007/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20220624-0007/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2022-24436"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220624-0007/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220624-0007/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-28T15:05Z",
      "publishedDate": "2022-06-15T21:15Z"
    }
  }
}

FKIE_CVE-2022-24436

Vulnerability from fkie_nvd - Published: 2022-06-15 21:15 - Updated: 2025-05-05 17:18

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

References

URL	Tags
secure@intel.com	https://security.netapp.com/advisory/ntap-20220624-0007/	Third Party Advisory
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220624-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	*	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89CBE93C-BB36-4F26-9F73-554C9BB8E131",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access."
    },
    {
      "lang": "es",
      "value": "Un comportamiento observable en la regulaci\u00f3n de la administraci\u00f3n de la energ\u00eda para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio del acceso a la red"
    }
  ],
  "id": "CVE-2022-24436",
  "lastModified": "2025-05-05T17:18:00.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-06-15T21:15:09.293",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220624-0007/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220624-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2022-AVI-552

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel SGX DCAP pour Linux versions antérieures à 1.14.100.3
Intel	N/A	Intel SGX PSW pour Windows versions antérieures à 2.16.100.3
Intel	N/A	Intel SGX SDK pour Linux versions antérieures à 2.17.100.3
Intel	N/A	Toutes les processeurs Intel
Intel	N/A	Intel SGX DCAP pour Windows versions antérieures à 1.14.100.3
Intel	N/A	Intel SGX SDK pour Windows versions antérieures à 2.16.100.3
Intel	N/A	Intel SGX PSW pour Linux versions antérieures à 2.17.100.3

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00615 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00698 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00645 du 14 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel SGX DCAP pour Linux versions ant\u00e9rieures \u00e0 1.14.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX PSW pour Windows versions ant\u00e9rieures \u00e0 2.16.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX SDK pour Linux versions ant\u00e9rieures \u00e0 2.17.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Toutes les processeurs Intel",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX DCAP pour Windows versions ant\u00e9rieures \u00e0 1.14.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX SDK pour Windows versions ant\u00e9rieures \u00e0 2.16.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX PSW pour Linux versions ant\u00e9rieures \u00e0 2.17.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21127"
    },
    {
      "name": "CVE-2022-21166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
    },
    {
      "name": "CVE-2022-24436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24436"
    },
    {
      "name": "CVE-2022-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
    },
    {
      "name": "CVE-2022-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
    },
    {
      "name": "CVE-2022-21180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21180"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-552",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00615 du 14 juin 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00698 du 14 juin 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00645 du 14 juin 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html"
    }
  ]
}

CERTFR-2022-AVI-552

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel SGX DCAP pour Linux versions antérieures à 1.14.100.3
Intel	N/A	Intel SGX PSW pour Windows versions antérieures à 2.16.100.3
Intel	N/A	Intel SGX SDK pour Linux versions antérieures à 2.17.100.3
Intel	N/A	Toutes les processeurs Intel
Intel	N/A	Intel SGX DCAP pour Windows versions antérieures à 1.14.100.3
Intel	N/A	Intel SGX SDK pour Windows versions antérieures à 2.16.100.3
Intel	N/A	Intel SGX PSW pour Linux versions antérieures à 2.17.100.3

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00615 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00698 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00645 du 14 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel SGX DCAP pour Linux versions ant\u00e9rieures \u00e0 1.14.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX PSW pour Windows versions ant\u00e9rieures \u00e0 2.16.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX SDK pour Linux versions ant\u00e9rieures \u00e0 2.17.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Toutes les processeurs Intel",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX DCAP pour Windows versions ant\u00e9rieures \u00e0 1.14.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX SDK pour Windows versions ant\u00e9rieures \u00e0 2.16.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX PSW pour Linux versions ant\u00e9rieures \u00e0 2.17.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21127"
    },
    {
      "name": "CVE-2022-21166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
    },
    {
      "name": "CVE-2022-24436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24436"
    },
    {
      "name": "CVE-2022-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
    },
    {
      "name": "CVE-2022-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
    },
    {
      "name": "CVE-2022-21180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21180"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-552",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00615 du 14 juin 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00698 du 14 juin 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00645 du 14 juin 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html"
    }
  ]
}

VAR-202206-1278

Vulnerability from variot - Updated: 2023-12-18 11:02

Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access. Intel's * Exists in observable mismatch vulnerabilities.Information may be obtained

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1278",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "*",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "*"
      },
      {
        "model": "*",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a4\u30f3\u30c6\u30eb",
        "version": null
      },
      {
        "model": "*",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a4\u30f3\u30c6\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24436"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-24436"
      }
    ]
  },
  "cve": "CVE-2022-24436",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2022-24436",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-415334",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-24436",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-24436",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-1466",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-415334",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-24436",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415334"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-1466"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access. Intel\u0027s * Exists in observable mismatch vulnerabilities.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-24436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      },
      {
        "db": "VULHUB",
        "id": "VHN-415334"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24436"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-24436",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVNVU94721039",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012264",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2920",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3438",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-1466",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-415334",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24436",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415334"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-1466"
      }
    ]
  },
  "id": "VAR-202206-1278",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415334"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:02:07.361000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Intel Processors Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=196621"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/new-hertzbleed-side-channel-attack-affects-intel-amd-cpus/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2022/06/15/microsoft_patch_tuesday/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-24436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-1466"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.1
      },
      {
        "problemtype": "Observable discrepancy (CWE-203) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415334"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24436"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://security.netapp.com/advisory/ntap-20220624-0007/"
      },
      {
        "trust": 2.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu94721039/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24436"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2920"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/intel-amd-processors-information-disclosure-via-hertzbleed-38609"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3438"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-24436/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/new-hertzbleed-side-channel-attack-affects-intel-amd-cpus/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415334"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-1466"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-415334"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24436"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-1466"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415334"
      },
      {
        "date": "2022-06-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-24436"
      },
      {
        "date": "2023-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      },
      {
        "date": "2022-06-15T21:15:09.293000",
        "db": "NVD",
        "id": "CVE-2022-24436"
      },
      {
        "date": "2022-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-1466"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415334"
      },
      {
        "date": "2022-06-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-24436"
      },
      {
        "date": "2023-08-28T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      },
      {
        "date": "2022-06-28T15:05:29.613000",
        "db": "NVD",
        "id": "CVE-2022-24436"
      },
      {
        "date": "2022-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-1466"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-1466"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel\u0027s \u00a0*\u00a0 Vulnerability regarding observable inconsistencies in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012264"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-1466"
      }
    ],
    "trust": 0.6
  }
}

WID-SEC-W-2022-0333

Vulnerability from csaf_certbund - Published: 2022-06-14 22:00 - Updated: 2025-02-06 23:00

Summary

Prozessoren: Schwachstelle ermöglicht Offenlegung von Informationen und Umgehung von Kryptografie

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Prozessoren sind die zentralen Rechenwerke eines Computers.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in AMD und Intel Prozessoren ausnutzen, um Informationen offenzulegen und dadurch kryptografische Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Hardware Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Prozessoren sind die zentralen Rechenwerke eines Computers.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in AMD und Intel Prozessoren ausnutzen, um Informationen offenzulegen und dadurch kryptografische Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0333 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0333.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0333 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0333"
      },
      {
        "category": "external",
        "summary": "Hertzbleed Attack Webseite vom 2022-06-14",
        "url": "https://www.hertzbleed.com/"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-1038 vom 2022-06-14",
        "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00698 vom 2022-06-14",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
      },
      {
        "category": "external",
        "summary": "Hertzbleed PoC",
        "url": "https://github.com/FPSG-UIUC/hertzbleed"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory",
        "url": "https://support.lenovo.com/de/de/product_security/ps500001-lenovo-product-security-advisories"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K14335949 vom 2025-02-06",
        "url": "https://my.f5.com/manage/s/article/K14335949"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K43357358 vom 2025-02-06",
        "url": "https://my.f5.com/manage/s/article/K43357358"
      }
    ],
    "source_lang": "en-US",
    "title": "Prozessoren: Schwachstelle erm\u00f6glicht Offenlegung von Informationen und Umgehung von Kryptografie",
    "tracking": {
      "current_release_date": "2025-02-06T23:00:00.000+00:00",
      "generator": {
        "date": "2025-02-07T09:06:03.949+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2022-0333",
      "initial_release_date": "2022-06-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-06-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-02-06T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von F5 aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "AMD Prozessor",
            "product": {
              "name": "AMD Prozessor",
              "product_id": "T019554",
              "product_identification_helper": {
                "cpe": "cpe:/h:amd:amd_processor:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "AMD"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Intel Prozessor",
            "product": {
              "name": "Intel Prozessor",
              "product_id": "T011586",
              "product_identification_helper": {
                "cpe": "cpe:/h:intel:intel_prozessor:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Intel"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T006520",
              "product_identification_helper": {
                "cpe": "cpe:/o:lenovo:lenovo_computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-23823",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in AMD- und Intel-Prozessoren, die mehrere Seitenkanalangriffe erm\u00f6glicht. Das Verhalten der dynamischen Frequenzskalierungs-/Drosselungsfunktion der CPU kann aus der Ferne beobachtet werden, so dass ein lokaler oder entfernter Angreifer in bestimmten F\u00e4llen verarbeitete Daten rekonstruieren, also offenlegen kann. Die Forscher haben eine vollst\u00e4ndige Extraktion kryptografischer Schl\u00fcssel gegen die SIKE-Schl\u00fcsselaustauschmechanismen demonstriert, was dem Angreifer effektiv erm\u00f6glicht, diesen kryptografischen Schutz zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006520",
          "T019554",
          "T001663",
          "T011586"
        ]
      },
      "release_date": "2022-06-14T22:00:00.000+00:00",
      "title": "CVE-2022-23823"
    },
    {
      "cve": "CVE-2022-24436",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in AMD- und Intel-Prozessoren, die mehrere Seitenkanalangriffe erm\u00f6glicht. Das Verhalten der dynamischen Frequenzskalierungs-/Drosselungsfunktion der CPU kann aus der Ferne beobachtet werden, so dass ein lokaler oder entfernter Angreifer in bestimmten F\u00e4llen verarbeitete Daten rekonstruieren, also offenlegen kann. Die Forscher haben eine vollst\u00e4ndige Extraktion kryptografischer Schl\u00fcssel gegen die SIKE-Schl\u00fcsselaustauschmechanismen demonstriert, was dem Angreifer effektiv erm\u00f6glicht, diesen kryptografischen Schutz zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006520",
          "T019554",
          "T001663",
          "T011586"
        ]
      },
      "release_date": "2022-06-14T22:00:00.000+00:00",
      "title": "CVE-2022-24436"
    }
  ]
}

GHSA-M7HV-7HVQ-Q3XX

Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2025-05-05 18:32

Details

Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-24436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-15T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.",
  "id": "GHSA-m7hv-7hvq-q3xx",
  "modified": "2025-05-05T18:32:10Z",
  "published": "2022-06-16T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24436"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220624-0007"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

tid-103

Vulnerability from emb3d

Type

hardware

Link

Show details on source website

Description

Operating system memory safety models rely on processor hardware to enforce separation between different virtual memory spaces. Failures of processor architectures to properly deliver these security guarantees can lead to sensitive information being disclosed across the boundaries between different kernel and process memory spaces. The performance optimization features in modern processors have been shown to be a source of such data leakage vulnerabilities. Data leakage through timing-based side channels introduced by the behavior of processor features such as memory caches have long been known to be effective against cryptographic implementations. The Spectre and Meltdown vulnerabilities announced in 2018 brought attention to weaknesses in certain microarchitectural performance features that could be manipulated in conjunction with memory cache timing techniques to leak data across OS virtual memory bounds. Spectre / Meltdown, and subsequent research work, demonstrated that speculative execution features (e.g., branch prediction, speculative memory loads/stores, out-of-order execution, etc.) could lead to memory locations being read into the CPU’s cache in violation of virtual memory permissions. Malicious code could then utilize a subsequent cache timing side channel attack to extract the data stored in those memory locations.

CWE

CWE-1037: Processor Optimization Removal or Modification of Security-critical Code
CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-24436 (GCVE-0-2022-24436)

Solution

Solution

Vulnerability from emb3d

Tags

Sightings

Nomenclature