CVE-2022-0002

high-risk
Published 2022-03-11

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Do I need to act?

-
0.69% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Atom C3308
Atom C3336
Atom C3338
Atom C3338R
Atom C3436L
Atom C3508
Atom C3538
Atom C3558
Atom C3558R
Atom C3558Rc
Atom C3708
Atom C3750
Atom C3758
Atom C3758R
Atom C3808
Atom C3830
Atom C3850
Atom C3858
Atom C3950
Atom C3955

Affected Vendors

Oracle Intel

References (8)

Mailing List http://www.openwall.com/lists/oss-security/2022/03/18/2
Third Party Advisory https://security.netapp.com/advisory/ntap-20220818-0004/
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598....
Patch https://www.oracle.com/security-alerts/cpujul2022.html
Mailing List http://www.openwall.com/lists/oss-security/2022/03/18/2
Third Party Advisory https://security.netapp.com/advisory/ntap-20220818-0004/
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598....
Patch https://www.oracle.com/security-alerts/cpujul2022.html
56
/ 100
high-risk
Severity 21/34 · High
Exploitability 2/34 · Minimal
Exposure 33/34 · Critical