Information Disclosure in Intel Processors
CVE-2022-21166

5.5MEDIUM

Key Information:

Vendor: Xen Project
Status: Intel(r) Processors
Vendor: CVE Published:; 15 June 2022

What is CVE-2022-21166?

An incomplete cleanup issue exists in certain write operations related to special registers for some Intel processors. This vulnerability can potentially allow an authenticated user to access sensitive information through local access. The concern revolves around improper handling of memory I/O operations, which could expose stale data under certain conditions. Users and administrators are advised to review the relevant security advisories and apply necessary updates to mitigate this risk.

Affected Version(s)

Intel(R) Processors See references

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2022/06/16/1

mailing-listx_refsource_MLIST

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2022
Vulnerability Reserved
Nov 12, 2021

Xen Project

What is CVE-2022-21166?

Affected Version(s)

References

CVSS V3.1

Timeline