CVE-2022-40982
high-risk
Published 2023-08-11
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Do I need to act?
-
0.85% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
Microcode
References (29)
Third Party Advisory
https://access.redhat.com/solutions/7027704
Third Party Advisory
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/
Exploit
https://downfall.page
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230811-0001/
Mailing List
https://www.debian.org/security/2023/dsa-5474
Mailing List
https://www.debian.org/security/2023/dsa-5475
Third Party Advisory
https://access.redhat.com/solutions/7027704
Third Party Advisory
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/
Exploit
https://downfall.page
and 9 more references
57
/ 100
high-risk
Severity
21/34 · High
Exploitability
3/34 · Minimal
Exposure
33/34 · Critical