Information Disclosure Vulnerability in Intel Processors
CVE-2022-21125

5.5MEDIUM

Key Information:

Vendor: Xen Project
Status: Intel(r) Processors
Vendor: CVE Published:; 15 June 2022

What is CVE-2022-21125?

This vulnerability arises from the incomplete cleanup of microarchitectural fill buffers present in certain Intel processors. An authenticated user with local access may exploit this flaw to potentially disclose sensitive information, leading to unintended data exposure. It emphasizes the need for organizations to promptly apply patches and updates to mitigate possible risks stemming from this vulnerability.

Affected Version(s)

Intel(R) Processors See references

References

http://xenbits.xen.org/xsa/advisory-404.html

x_refsource_CONFIRM

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2022/06/16/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2022
Vulnerability Reserved
Nov 12, 2021

Xen Project

What is CVE-2022-21125?

Affected Version(s)

References

CVSS V3.1

Timeline