CVE-2022-40982 — MEDIUM (6.5)

Q: How severe is CVE-2022-40982?

CVE-2022-40982 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-40982?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Xen Xen, Intel Microcode, Intel Celeron 5205U, Intel Celeron 5305U.

Vulnerability Description

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux	6.0
Xen	Xen	-
Intel	Microcode	< 20230808
Intel	Celeron 5205U	-
Intel	Celeron 5305U	-
Intel	Celeron G4900	-
Intel	Celeron G4900T	-
Intel	Celeron G4920	-
Intel	Celeron G5900	-
Intel	Celeron G5900T	-
Intel	Celeron G5905	-
Intel	Celeron G5905T	-
Intel	Celeron G5920	-
Intel	Celeron G5925	-
Intel	Core I3-1000G1	-
Intel	Core I3-1000G4	-
Intel	Core I3-1005G1	-
Intel	Core I3-10100	-
Intel	Core I3-10100F	-
Intel	Core I3-10100T	-

Related Weaknesses (CWE)

CWE-1342 CWE-203

References

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.hExploitMitigationVendor Advisory
https://access.redhat.com/solutions/7027704Third Party Advisory
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/Third Party Advisory
https://downfall.pageExploitTechnical DescriptionThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00013.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html
https://lists.fedoraproject.org/archives/list/[email protected]
https://lists.fedoraproject.org/archives/list/[email protected]
https://lists.fedoraproject.org/archives/list/[email protected]
https://lists.fedoraproject.org/archives/list/[email protected]
https://security.netapp.com/advisory/ntap-20230811-0001/Third Party Advisory
https://www.debian.org/security/2023/dsa-5474Mailing ListThird Party Advisory
https://www.debian.org/security/2023/dsa-5475Mailing ListThird Party Advisory
https://xenbits.xen.org/xsa/advisory-435.htmlMitigationThird Party Advisory
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.hExploitMitigationVendor Advisory

FAQ

What is CVE-2022-40982?

CVE-2022-40982 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable inf...

How severe is CVE-2022-40982?

CVE-2022-40982 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-40982?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Xen Xen, Intel Microcode, Intel Celeron 5205U, Intel Celeron 5305U.