CVE-2022-41804
high-risk
Published 2023-08-11
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Do I need to act?
-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
LOCAL
/ HIGH complexity
Affected Products (20)
Xeon Gold 5315Y Firmware
Xeon Gold 5317 Firmware
Xeon Gold 5318N Firmware
Xeon Gold 5318S Firmware
Xeon Gold 5318Y Firmware
Xeon Gold 5320 Firmware
Xeon Gold 5320T Firmware
Xeon Gold 6312U Firmware
Xeon Gold 6314U Firmware
Xeon Gold 6326 Firmware
Xeon Gold 6330 Firmware
Xeon Gold 6330N Firmware
Xeon Gold 6334 Firmware
Xeon Gold 6336Y Firmware
Xeon Gold 6338 Firmware
Xeon Gold 6338N Firmware
Xeon Gold 6338T Firmware
Affected Vendors
References (12)
Third Party Advisory
https://www.debian.org/security/2023/dsa-5474
Third Party Advisory
https://www.debian.org/security/2023/dsa-5474
52
/ 100
high-risk
Severity
19/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
33/34 · Critical