Privilege Escalation Vulnerability in Intel Xeon Processors
CVE-2022-33196

7.2HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Xeon(r) Processors With Intelâ® Software Guard Extensions (sgx)
Vendor: CVE Published:; 16 February 2023

What is CVE-2022-33196?

This vulnerability arises from incorrect default permissions in certain memory controller configurations for specific Intel Xeon processors utilizing Intel Software Guard Extensions. A privileged user can potentially leverage local access to escalate their privileges, posing a security risk for affected systems. It is crucial for users of the affected processors to apply the necessary updates and configurations as recommended by Intel to mitigate this risk.

Affected Version(s)

Intel(R) Xeon(R) Processors with IntelÂ® Software Guard Extensions (SGX) See references

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Jul 22, 2022