CVE-2022-21123
First published: Wed May 25 2022(Updated: )
A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to enable information disclosure via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.76.1.rt56.1220.el7 | 0:3.10.0-1160.76.1.rt56.1220.el7 |
| redhat/kernel | <0:3.10.0-1160.76.1.el7 | 0:3.10.0-1160.76.1.el7 |
| redhat/kernel-rt | <0:4.18.0-372.26.1.rt7.183.el8_6 | 0:4.18.0-372.26.1.rt7.183.el8_6 |
| redhat/kernel | <0:4.18.0-372.26.1.el8_6 | 0:4.18.0-372.26.1.el8_6 |
| redhat/kernel | <0:4.18.0-147.76.1.el8_1 | 0:4.18.0-147.76.1.el8_1 |
| redhat/kernel | <0:4.18.0-193.93.1.el8_2 | 0:4.18.0-193.93.1.el8_2 |
| redhat/kernel-rt | <0:4.18.0-193.93.1.rt13.143.el8_2 | 0:4.18.0-193.93.1.rt13.143.el8_2 |
| redhat/kernel-rt | <0:4.18.0-305.65.1.rt7.137.el8_4 | 0:4.18.0-305.65.1.rt7.137.el8_4 |
| redhat/kernel | <0:4.18.0-305.65.1.el8_4 | 0:4.18.0-305.65.1.el8_4 |
| redhat/kernel | <0:5.14.0-162.6.1.el9_1 | 0:5.14.0-162.6.1.el9_1 |
| redhat/kernel-rt | <0:5.14.0-162.6.1.rt21.168.el9_1 | 0:5.14.0-162.6.1.rt21.168.el9_1 |
| redhat/kernel | <0:5.14.0-70.36.1.el9_0 | 0:5.14.0-70.36.1.el9_0 |
| redhat/kernel-rt | <0:5.14.0-70.36.1.rt21.108.el9_0 | 0:5.14.0-70.36.1.rt21.108.el9_0 |
| debian/intel-microcode | 3.20240813.1~deb11u1 3.20241112.1~deb11u1 3.20241112.1~deb12u1 3.20231114.1~deb12u1 3.20241112.1 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 | |
| debian/xen | 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.3+10-g091466ba55-1~deb12u1 4.17.5+23-ga4e5191dc0-1 4.19.1-1 | |
| Xen xen-unstable | ||
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Intel sgx dcap linux | <1.14.100.3 | |
| Intel sgx dcap windows | <1.14.100.3 | |
| Intel sgx psw windows | <2.16.100.3 | |
| Intel sgx psw linux | <2.17.100.3 | |
| Intel sgx sdk windows | <2.16.100.3 | |
| Intel sgx sdk linux | <2.17.100.3 | |
| VMware ESXi | =7.0 | |
| VMware ESXi | =7.0-beta | |
| VMware ESXi | =7.0-update_1 | |
| VMware ESXi | =7.0-update_1a | |
| VMware ESXi | =7.0-update_1b | |
| VMware ESXi | =7.0-update_1c | |
| VMware ESXi | =7.0-update_1d | |
| VMware ESXi | =7.0-update_2 | |
| VMware ESXi | =7.0-update_2a | |
| VMware ESXi | =7.0-update_2c | |
| VMware ESXi | =7.0-update_2d | |
| VMware ESXi | =7.0-update_3c | |
| VMware ESXi | =7.0-update_3d | |
| Debian GNU/Linux | =9.0 | |
| Debian GNU/Linux | =10.0 | |
| Debian GNU/Linux | =11.0 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-21123 https://nvd.nist.gov/vuln/detail/CVE-2022-21123 https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2090237
- https://access.redhat.com/errata/RHSA-2022:5939
- https://access.redhat.com/errata/RHSA-2022:5937
- https://access.redhat.com/errata/RHSA-2022:6437
- https://access.redhat.com/errata/RHSA-2022:6460
- https://access.redhat.com/errata/RHSA-2022:6872
- https://access.redhat.com/errata/RHSA-2022:7279
- https://access.redhat.com/errata/RHSA-2022:7280
- https://access.redhat.com/errata/RHSA-2022:6991
- https://access.redhat.com/errata/RHSA-2022:6983
- https://access.redhat.com/errata/RHSA-2022:8267
- https://access.redhat.com/errata/RHSA-2022:7933
- https://access.redhat.com/errata/RHSA-2022:8973
- https://access.redhat.com/errata/RHSA-2022:8974
- https://access.redhat.com/security/cve/cve-2022-21123
- http://www.openwall.com/lists/oss-security/2022/06/16/1
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/
- https://security.gentoo.org/glsa/202208-23
- https://security.netapp.com/advisory/ntap-20220624-0008/
- https://www.debian.org/security/2022/dsa-5173
- https://www.debian.org/security/2022/dsa-5178
- https://www.debian.org/security/2022/dsa-5184
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
- https://launchpad.net/bugs/cve/CVE-2022-21123
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
- https://nvd.nist.gov/vuln/detail/CVE-2022-21123
- https://security-tracker.debian.org/tracker/CVE-2022-21123
- https://ubuntu.com/security/CVE-2022-21123
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDR
- https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
- https://xenbits.xen.org/xsa/advisory-404.html
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2022-21123?
CVE-2022-21123 is classified as a moderate severity vulnerability.
How do I fix CVE-2022-21123?
To fix CVE-2022-21123, update to the latest kernel versions provided by your distribution, such as 0:3.10.0-1160.76.1.rt56.1220.el7 or equivalent for your system.
Who is affected by CVE-2022-21123?
CVE-2022-21123 affects certain Intel processors and systems running specific kernel versions.
What kind of impact does CVE-2022-21123 have?
CVE-2022-21123 can lead to information disclosure through local access by authenticated users.
What are the affected software versions in CVE-2022-21123?
Affected software versions include specific Red Hat kernels, Debian kernel packages, and Intel microcode versions listed in the vulnerability details.
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-21123
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/trending
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/source
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/xen
- canonical/xen xen-unstable
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/intel
- canonical/intel sgx dcap linux
- canonical/intel sgx dcap windows
- canonical/intel sgx psw windows
- canonical/intel sgx psw linux
- canonical/intel sgx sdk windows
- canonical/intel sgx sdk linux
- vendor/vmware
- canonical/vmware esxi
- version/vmware esxi/7.0
- version/vmware esxi/7.0-beta
- version/vmware esxi/7.0-update_1
- version/vmware esxi/7.0-update_1a
- version/vmware esxi/7.0-update_1b
- version/vmware esxi/7.0-update_1c
- version/vmware esxi/7.0-update_1d
- version/vmware esxi/7.0-update_2
- version/vmware esxi/7.0-update_2a
- version/vmware esxi/7.0-update_2c
- version/vmware esxi/7.0-update_2d
- version/vmware esxi/7.0-update_3c
- version/vmware esxi/7.0-update_3d
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0
- version/debian gnu/linux/10.0
- version/debian gnu/linux/11.0