CVE-2022-21166

CVE Details

Release Date:	2022-06-15
Impact:	None	What is this?

Description

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

See more information about CVE-2022-21166 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	5.5
Vector String:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version:	3.0
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	Low
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	High
Integrity Impact:	None
Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 6 (microcode_ctl)	ELSA-2022-9670	2022-08-01
Oracle Linux version 7 (kernel)	ELSA-2022-5937	2022-08-11
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9481	2022-06-14
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9483	2022-06-14
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9482	2022-06-15
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9486	2022-06-14
Oracle Linux version 7 (microcode_ctl)	ELSA-2022-9485	2022-06-15
Oracle Linux version 7 (microcode_ctl)	ELSA-2022-9507	2022-06-23
Oracle Linux version 8 (kernel)	ELSA-2022-6460	2022-09-14
Oracle Linux version 8 (kernel-uek)	ELSA-2022-9481	2022-06-14
Oracle Linux version 8 (kernel-uek-container)	ELSA-2022-9486	2022-06-14
Oracle Linux version 8 (microcode_ctl)	ELSA-2022-9484	2022-06-14
Oracle Linux version 8 (microcode_ctl)	ELSA-2022-9508	2022-06-23
Oracle Linux version 9 (kernel)	ELSA-2022-8267	2022-11-22
Oracle VM version 3 (microcode_ctl)	OVMSA-2022-0020	2022-08-03
Oracle VM version 3 (xen)	OVMSA-2022-0023	2022-08-30