Vulnerabilities > CVE-2022-21127 - Incomplete Cleanup vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

NVD

Published: 2022-06-15

Updated: 2023-01-31

Summary

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Vulnerable Configurations

Part	Description	Count
OS	Xen XEN XEN *	1
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2
Application	Intel Intel SGX Dcap - Intel SGX Dcap 1.10.100.4 Intel SGX PSW - Intel SGX PSW 2.13.100.4 Intel SGX PSW 2.12.100.4 Intel SGX SDK - Intel SGX SDK 2.12 Intel SGX SDK 2.13.100.4 Intel SGX SDK 2.12.100.4 Intel SGX SDK 2.13	14

Common Weakness Enumeration (CWE)

CWE-459 - Incomplete Cleanup

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
http://www.openwall.com/lists/oss-security/2022/06/16/1
https://security.netapp.com/advisory/ntap-20220624-0008/
https://www.debian.org/security/2022/dsa-5178