CVE-2022-21123
First published: Wed May 25 2022(Updated: )
A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to enable information disclosure via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.76.1.rt56.1220.el7 | 0:3.10.0-1160.76.1.rt56.1220.el7 |
| redhat/kernel | <0:3.10.0-1160.76.1.el7 | 0:3.10.0-1160.76.1.el7 |
| redhat/kernel-rt | <0:4.18.0-372.26.1.rt7.183.el8_6 | 0:4.18.0-372.26.1.rt7.183.el8_6 |
| redhat/kernel | <0:4.18.0-372.26.1.el8_6 | 0:4.18.0-372.26.1.el8_6 |
| redhat/kernel | <0:4.18.0-147.76.1.el8_1 | 0:4.18.0-147.76.1.el8_1 |
| redhat/kernel | <0:4.18.0-193.93.1.el8_2 | 0:4.18.0-193.93.1.el8_2 |
| redhat/kernel-rt | <0:4.18.0-193.93.1.rt13.143.el8_2 | 0:4.18.0-193.93.1.rt13.143.el8_2 |
| redhat/kernel-rt | <0:4.18.0-305.65.1.rt7.137.el8_4 | 0:4.18.0-305.65.1.rt7.137.el8_4 |
| redhat/kernel | <0:4.18.0-305.65.1.el8_4 | 0:4.18.0-305.65.1.el8_4 |
| redhat/kernel | <0:5.14.0-162.6.1.el9_1 | 0:5.14.0-162.6.1.el9_1 |
| redhat/kernel-rt | <0:5.14.0-162.6.1.rt21.168.el9_1 | 0:5.14.0-162.6.1.rt21.168.el9_1 |
| redhat/kernel | <0:5.14.0-70.36.1.el9_0 | 0:5.14.0-70.36.1.el9_0 |
| redhat/kernel-rt | <0:5.14.0-70.36.1.rt21.108.el9_0 | 0:5.14.0-70.36.1.rt21.108.el9_0 |
| Xen XAPI | ||
| Fedora | =35 | |
| Fedora | =36 | |
| Intel SGX DCAP for Linux | <1.14.100.3 | |
| Makves DCAP | <1.14.100.3 | |
| Intel SGX Platform Software (PSW) | <2.16.100.3 | |
| Intel SGX PSW | <2.17.100.3 | |
| Intel SGX SDK for Windows | <2.16.100.3 | |
| Intel SGX SDK for Linux | <2.17.100.3 | |
| VMware ESXi | =7.0 | |
| VMware ESXi | =7.0-beta | |
| VMware ESXi | =7.0-update_1 | |
| VMware ESXi | =7.0-update_1a | |
| VMware ESXi | =7.0-update_1b | |
| VMware ESXi | =7.0-update_1c | |
| VMware ESXi | =7.0-update_1d | |
| VMware ESXi | =7.0-update_2 | |
| VMware ESXi | =7.0-update_2a | |
| VMware ESXi | =7.0-update_2c | |
| VMware ESXi | =7.0-update_2d | |
| VMware ESXi | =7.0-update_3c | |
| VMware ESXi | =7.0-update_3d | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| Debian | =11.0 | |
| debian/intel-microcode | 3.20240813.1~deb11u1 3.20241112.1~deb11u1 3.20241112.1~deb12u1 3.20231114.1~deb12u1 3.20250211.1 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 | |
| debian/xen | 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.3+10-g091466ba55-1~deb12u1 4.17.5+23-ga4e5191dc0-1 4.19.1-1 4.20.0-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-21123 https://nvd.nist.gov/vuln/detail/CVE-2022-21123 https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2090237
- https://access.redhat.com/errata/RHSA-2022:5939
- https://access.redhat.com/errata/RHSA-2022:5937
- https://access.redhat.com/errata/RHSA-2022:6437
- https://access.redhat.com/errata/RHSA-2022:6460
- https://access.redhat.com/errata/RHSA-2022:6872
- https://access.redhat.com/errata/RHSA-2022:7279
- https://access.redhat.com/errata/RHSA-2022:7280
- https://access.redhat.com/errata/RHSA-2022:6991
- https://access.redhat.com/errata/RHSA-2022:6983
- https://access.redhat.com/errata/RHSA-2022:8267
- https://access.redhat.com/errata/RHSA-2022:7933
- https://access.redhat.com/errata/RHSA-2022:8973
- https://access.redhat.com/errata/RHSA-2022:8974
- https://access.redhat.com/security/cve/cve-2022-21123
- http://www.openwall.com/lists/oss-security/2022/06/16/1
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/
- https://security.gentoo.org/glsa/202208-23
- https://security.netapp.com/advisory/ntap-20220624-0008/
- https://www.debian.org/security/2022/dsa-5173
- https://www.debian.org/security/2022/dsa-5178
- https://www.debian.org/security/2022/dsa-5184
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
- https://launchpad.net/bugs/cve/CVE-2022-21123
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
- https://nvd.nist.gov/vuln/detail/CVE-2022-21123
- https://security-tracker.debian.org/tracker/CVE-2022-21123
- https://ubuntu.com/security/CVE-2022-21123
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDR
- https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
- https://xenbits.xen.org/xsa/advisory-404.html
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2022-21123?
CVE-2022-21123 is classified as a moderate severity vulnerability.
How do I fix CVE-2022-21123?
To fix CVE-2022-21123, update to the latest kernel versions provided by your distribution, such as 0:3.10.0-1160.76.1.rt56.1220.el7 or equivalent for your system.
Who is affected by CVE-2022-21123?
CVE-2022-21123 affects certain Intel processors and systems running specific kernel versions.
What kind of impact does CVE-2022-21123 have?
CVE-2022-21123 can lead to information disclosure through local access by authenticated users.
What are the affected software versions in CVE-2022-21123?
Affected software versions include specific Red Hat kernels, Debian kernel packages, and Intel microcode versions listed in the vulnerability details.
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-21123
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/source
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/xen
- canonical/xen xapi
- vendor/fedoraproject
- canonical/fedora
- version/fedora/35
- version/fedora/36
- vendor/intel
- canonical/intel sgx dcap for linux
- canonical/makves dcap
- canonical/intel sgx platform software (psw)
- canonical/intel sgx psw
- canonical/intel sgx sdk for windows
- canonical/intel sgx sdk for linux
- vendor/vmware
- canonical/vmware esxi
- version/vmware esxi/7.0
- version/vmware esxi/7.0-beta
- version/vmware esxi/7.0-update_1
- version/vmware esxi/7.0-update_1a
- version/vmware esxi/7.0-update_1b
- version/vmware esxi/7.0-update_1c
- version/vmware esxi/7.0-update_1d
- version/vmware esxi/7.0-update_2
- version/vmware esxi/7.0-update_2a
- version/vmware esxi/7.0-update_2c
- version/vmware esxi/7.0-update_2d
- version/vmware esxi/7.0-update_3c
- version/vmware esxi/7.0-update_3d
- vendor/debian
- canonical/debian
- version/debian/9.0
- version/debian/10.0
- version/debian/11.0
- package-manager/debian