CVE-2022-21131

high-risk

Published 2022-05-12

Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Core I9-7940X Firmware

Core I9-7960X Firmware

Core I9-7980Xe Firmware

Core I9-7920X Firmware

Core I9-7900X Firmware

Xeon Gold 6138P Firmware

Xeon Bronze 3104 Firmware

Xeon Bronze 3106 Firmware

Xeon Gold 5115 Firmware

Xeon Gold 5118 Firmware

Xeon Gold 5119T Firmware

Xeon Gold 5120 Firmware

Xeon Gold 5120T Firmware

Xeon Gold 5122 Firmware

Xeon Gold 6126 Firmware

Xeon Gold 6126F Firmware

Xeon Gold 6126T Firmware

Xeon Gold 6128 Firmware

Xeon Gold 6130 Firmware

Xeon Gold 6130F Firmware

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616....

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 32/34 · Critical