CVE-2022-21125
First published: Wed May 25 2022(Updated: )
A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.76.1.rt56.1220.el7 | 0:3.10.0-1160.76.1.rt56.1220.el7 |
| redhat/kernel | <0:3.10.0-1160.76.1.el7 | 0:3.10.0-1160.76.1.el7 |
| redhat/kernel-rt | <0:4.18.0-372.26.1.rt7.183.el8_6 | 0:4.18.0-372.26.1.rt7.183.el8_6 |
| redhat/kernel | <0:4.18.0-372.26.1.el8_6 | 0:4.18.0-372.26.1.el8_6 |
| redhat/kernel | <0:4.18.0-147.76.1.el8_1 | 0:4.18.0-147.76.1.el8_1 |
| redhat/kernel | <0:4.18.0-193.93.1.el8_2 | 0:4.18.0-193.93.1.el8_2 |
| redhat/kernel-rt | <0:4.18.0-193.93.1.rt13.143.el8_2 | 0:4.18.0-193.93.1.rt13.143.el8_2 |
| redhat/kernel-rt | <0:4.18.0-305.65.1.rt7.137.el8_4 | 0:4.18.0-305.65.1.rt7.137.el8_4 |
| redhat/kernel | <0:4.18.0-305.65.1.el8_4 | 0:4.18.0-305.65.1.el8_4 |
| redhat/kernel | <0:5.14.0-162.6.1.el9_1 | 0:5.14.0-162.6.1.el9_1 |
| redhat/kernel-rt | <0:5.14.0-162.6.1.rt21.168.el9_1 | 0:5.14.0-162.6.1.rt21.168.el9_1 |
| redhat/kernel | <0:5.14.0-70.36.1.el9_0 | 0:5.14.0-70.36.1.el9_0 |
| redhat/kernel-rt | <0:5.14.0-70.36.1.rt21.108.el9_0 | 0:5.14.0-70.36.1.rt21.108.el9_0 |
| debian/intel-microcode | 3.20240813.1~deb11u1 3.20241112.1~deb11u1 3.20241112.1~deb12u1 3.20231114.1~deb12u1 3.20241112.1 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 | |
| debian/xen | 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.3+10-g091466ba55-1~deb12u1 4.17.5+23-ga4e5191dc0-1 4.17.3+36-g54dacb5c02-1 4.19.1-1 | |
| Xen xen-unstable | ||
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Intel sgx dcap linux | <1.14.100.3 | |
| Intel sgx dcap windows | <1.14.100.3 | |
| Intel sgx psw windows | <2.16.100.3 | |
| Intel sgx psw linux | <2.17.100.3 | |
| Intel sgx sdk windows | <2.16.100.3 | |
| Intel sgx sdk linux | <2.17.100.3 | |
| VMware ESXi | =7.0 | |
| VMware ESXi | =7.0-beta | |
| VMware ESXi | =7.0-update_1 | |
| VMware ESXi | =7.0-update_1a | |
| VMware ESXi | =7.0-update_1b | |
| VMware ESXi | =7.0-update_1c | |
| VMware ESXi | =7.0-update_1d | |
| VMware ESXi | =7.0-update_2 | |
| VMware ESXi | =7.0-update_2a | |
| VMware ESXi | =7.0-update_2c | |
| VMware ESXi | =7.0-update_2d | |
| VMware ESXi | =7.0-update_3c | |
| VMware ESXi | =7.0-update_3d | |
| Debian GNU/Linux | =9.0 | |
| Debian GNU/Linux | =10.0 | |
| Debian GNU/Linux | =11.0 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-21125 https://nvd.nist.gov/vuln/detail/CVE-2022-21125 https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2090240
- https://access.redhat.com/errata/RHSA-2022:5939
- https://access.redhat.com/errata/RHSA-2022:5937
- https://access.redhat.com/errata/RHSA-2022:6437
- https://access.redhat.com/errata/RHSA-2022:6460
- https://access.redhat.com/errata/RHSA-2022:6872
- https://access.redhat.com/errata/RHSA-2022:7279
- https://access.redhat.com/errata/RHSA-2022:7280
- https://access.redhat.com/errata/RHSA-2022:6991
- https://access.redhat.com/errata/RHSA-2022:6983
- https://access.redhat.com/errata/RHSA-2022:8267
- https://access.redhat.com/errata/RHSA-2022:7933
- https://access.redhat.com/errata/RHSA-2022:8973
- https://access.redhat.com/errata/RHSA-2022:8974
- https://access.redhat.com/security/cve/cve-2022-21125
- http://www.openwall.com/lists/oss-security/2022/06/16/1
- http://xenbits.xen.org/xsa/advisory-404.html
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/
- https://security.gentoo.org/glsa/202208-23
- https://security.netapp.com/advisory/ntap-20220624-0008/
- https://www.debian.org/security/2022/dsa-5173
- https://www.debian.org/security/2022/dsa-5178
- https://www.debian.org/security/2022/dsa-5184
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
- https://launchpad.net/bugs/cve/CVE-2022-21125
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
- https://nvd.nist.gov/vuln/detail/CVE-2022-21125
- https://security-tracker.debian.org/tracker/CVE-2022-21125
- https://ubuntu.com/security/CVE-2022-21125
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDS
- https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
- https://xenbits.xen.org/xsa/advisory-404.html
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2022-21125?
The severity of CVE-2022-21125 is considered moderate due to its potential for information disclosure.
How do I fix CVE-2022-21125?
To fix CVE-2022-21125, update to the appropriate patched kernel version as specified in the remediation details.
Which systems are affected by CVE-2022-21125?
CVE-2022-21125 affects certain Intel® Processors and various Linux kernel versions across different distributions.
What is the impact of CVE-2022-21125?
The impact of CVE-2022-21125 includes potential information disclosure to authenticated users via local access.
Can CVE-2022-21125 be exploited remotely?
No, CVE-2022-21125 requires local access to the system for exploitation.
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-21125
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/xen
- canonical/xen xen-unstable
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/intel
- canonical/intel sgx dcap linux
- canonical/intel sgx dcap windows
- canonical/intel sgx psw windows
- canonical/intel sgx psw linux
- canonical/intel sgx sdk windows
- canonical/intel sgx sdk linux
- vendor/vmware
- canonical/vmware esxi
- version/vmware esxi/7.0
- version/vmware esxi/7.0-beta
- version/vmware esxi/7.0-update_1
- version/vmware esxi/7.0-update_1a
- version/vmware esxi/7.0-update_1b
- version/vmware esxi/7.0-update_1c
- version/vmware esxi/7.0-update_1d
- version/vmware esxi/7.0-update_2
- version/vmware esxi/7.0-update_2a
- version/vmware esxi/7.0-update_2c
- version/vmware esxi/7.0-update_2d
- version/vmware esxi/7.0-update_3c
- version/vmware esxi/7.0-update_3d
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0
- version/debian gnu/linux/10.0
- version/debian gnu/linux/11.0