Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for xeon_w-10855_firmware by intel

    CVE-2022-26373 (GCVE-0-2022-26373)

    Vulnerability from nvd – Published: 2022-08-18 00:00 – Updated: 2025-05-05 16:22
    VLAI
    Summary
    Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) Processors Affected: See references
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html"
              },
              {
                "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221007-0005/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:22.737694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:22:27.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intel(R) Processors",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "See references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-07T00:00:00.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html"
            },
            {
              "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221007-0005/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2022-26373",
        "datePublished": "2022-08-18T00:00:00.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:22:27.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21180 (GCVE-0-2022-21180)

    Vulnerability from nvd – Published: 2022-06-15 20:04 – Updated: 2025-05-05 16:36
    VLAI
    Summary
    Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • information disclosure
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) Processors Affected: See references
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html"
              },
              {
                "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220624-0006/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21180",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:35.431351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:36:36.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intel(R) Processors",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "See references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": " information disclosure ",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:06:35.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html"
            },
            {
              "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220624-0006/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@intel.com",
              "ID": "CVE-2022-21180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intel(R) Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "See references"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": " information disclosure "
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html",
                  "refsource": "MISC",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html"
                },
                {
                  "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220624-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220624-0006/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2022-21180",
        "datePublished": "2022-06-15T20:04:21.000Z",
        "dateReserved": "2021-11-12T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:36:36.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0005 (GCVE-0-2022-0005)

    Vulnerability from nvd – Published: 2022-05-12 16:36 – Updated: 2025-05-05 16:43
    VLAI
    Summary
    Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • information disclosure
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Intel(R) Processors with SGX Affected: See references
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 2.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:50.100849Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:43:56.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intel(R) Processors with SGX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "See references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T16:36:04.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@intel.com",
              "ID": "CVE-2022-0005",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intel(R) Processors with SGX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "See references"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html",
                  "refsource": "MISC",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2022-0005",
        "datePublished": "2022-05-12T16:36:04.000Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:43:56.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26373 (GCVE-0-2022-26373)

    Vulnerability from cvelistv5 – Published: 2022-08-18 00:00 – Updated: 2025-05-05 16:22
    VLAI
    Summary
    Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) Processors Affected: See references
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:03:32.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html"
              },
              {
                "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20221007-0005/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:22.737694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:22:27.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intel(R) Processors",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "See references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-07T00:00:00.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html"
            },
            {
              "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20221007-0005/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2022-26373",
        "datePublished": "2022-08-18T00:00:00.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:22:27.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21180 (GCVE-0-2022-21180)

    Vulnerability from cvelistv5 – Published: 2022-06-15 20:04 – Updated: 2025-05-05 16:36
    VLAI
    Summary
    Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • information disclosure
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) Processors Affected: See references
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:59.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html"
              },
              {
                "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220624-0006/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21180",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:35.431351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:36:36.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intel(R) Processors",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "See references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": " information disclosure ",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:06:35.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html"
            },
            {
              "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220624-0006/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@intel.com",
              "ID": "CVE-2022-21180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intel(R) Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "See references"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": " information disclosure "
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html",
                  "refsource": "MISC",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html"
                },
                {
                  "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20220624-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20220624-0006/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2022-21180",
        "datePublished": "2022-06-15T20:04:21.000Z",
        "dateReserved": "2021-11-12T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:36:36.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0005 (GCVE-0-2022-0005)

    Vulnerability from cvelistv5 – Published: 2022-05-12 16:36 – Updated: 2025-05-05 16:43
    VLAI
    Summary
    Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • information disclosure
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Intel(R) Processors with SGX Affected: See references
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 2.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:50.100849Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T16:43:56.233Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Intel(R) Processors with SGX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "See references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T16:36:04.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@intel.com",
              "ID": "CVE-2022-0005",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Intel(R) Processors with SGX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "See references"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html",
                  "refsource": "MISC",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2022-0005",
        "datePublished": "2022-05-12T16:36:04.000Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2025-05-05T16:43:56.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }