CVE-2022-40982

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: Aug 11, 2023
Updated: Aug 16, 2023
CVE: CVE-2022-40982
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWEs:

CWE-203

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
intel / microcode	-	20230808
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
debian / debian_linux	12.0	12.0.x
netapp / all_flash_fabric-attached_storage_c250	-	-
netapp / all_flash_fabric-attached_storage_500f	-	-
netapp / all_flash_fabric-attached_storage_a250	-	-

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
http://xenbits.xen.org/xsa/advisory-435.html
https://access.redhat.com/solutions/7027704
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/
https://downfall.page
https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/
https://lists.fedoraproject.org/archives/list/[email protected]/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/
https://lists.fedoraproject.org/archives/list/[email protected]/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/
https://lists.fedoraproject.org/archives/list/[email protected]/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/
https://security.netapp.com/advisory/ntap-20230811-0001/
https://www.debian.org/security/2023/dsa-5474
https://www.debian.org/security/2023/dsa-5475
https://xenbits.xen.org/xsa/advisory-435.html

Vulnerability Database

289,599

CVE-2022-40982