CVE-2022-21131

Name: CVE-2022-21131
Creator: NVD / NIST
Published: 2022-05-12T17:15:09.757+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.29%

Last modified Jun 17, 2026

CVE-2022-21131 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.29%

20.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Intel	Core I9-7940x Firmware	All versions
Intel	Core I9-7960x Firmware	All versions
Intel	Core I9-7980xe Firmware	All versions
Intel	Core I9-7920x Firmware	All versions
Intel	Core I9-7900x Firmware	All versions
Intel	Xeon Gold 6138p Firmware	All versions
Intel	Xeon Bronze 3104 Firmware	All versions
Intel	Xeon Bronze 3106 Firmware	All versions
Intel	Xeon Gold 5115 Firmware	All versions
Intel	Xeon Gold 5118 Firmware	All versions
Intel	Xeon Gold 5119t Firmware	All versions
Intel	Xeon Gold 5120 Firmware	All versions
Intel	Xeon Gold 5120t Firmware	All versions
Intel	Xeon Gold 5122 Firmware	All versions
Intel	Xeon Gold 6126 Firmware	All versions
Intel	Xeon Gold 6126f Firmware	All versions
Intel	Xeon Gold 6126t Firmware	All versions
Intel	Xeon Gold 6128 Firmware	All versions
Intel	Xeon Gold 6130 Firmware	All versions
Intel	Xeon Gold 6130f Firmware	All versions
Intel	Xeon Gold 6130t Firmware	All versions
Intel	Xeon Gold 6132 Firmware	All versions
Intel	Xeon Gold 6134 Firmware	All versions
Intel	Xeon Gold 6136 Firmware	All versions
Intel	Xeon Gold 6138 Firmware	All versions
Intel	Xeon Gold 6138f Firmware	All versions
Intel	Xeon Gold 6138t Firmware	All versions
Intel	Xeon Gold 6140 Firmware	All versions
Intel	Xeon Gold 6142 Firmware	All versions
Intel	Xeon Gold 6142f Firmware	All versions
Intel	Xeon Gold 6144 Firmware	All versions
Intel	Xeon Gold 6146 Firmware	All versions
Intel	Xeon Gold 6148 Firmware	All versions
Intel	Xeon Gold 6148f Firmware	All versions
Intel	Xeon Gold 6150 Firmware	All versions
Intel	Xeon Gold 6152 Firmware	All versions
Intel	Xeon Gold 6154 Firmware	All versions
Intel	Xeon Platinum 8153 Firmware	All versions
Intel	Xeon Platinum 8156 Firmware	All versions
Intel	Xeon Platinum 8158 Firmware	All versions
Intel	Xeon Platinum 8160 Firmware	All versions
Intel	Xeon Platinum 8160f Firmware	All versions
Intel	Xeon Platinum 8160t Firmware	All versions
Intel	Xeon Platinum 8164 Firmware	All versions
Intel	Xeon Platinum 8168 Firmware	All versions
Intel	Xeon Platinum 8170 Firmware	All versions
Intel	Xeon Platinum 8176 Firmware	All versions
Intel	Xeon Platinum 8176f Firmware	All versions
Intel	Xeon Platinum 8180 Firmware	All versions
Intel	Xeon Silver 4108 Firmware	All versions

Showing 50 of 146 affected configurations. See NVD for the full list.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.htmlVendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.htmlVendor Advisory

Timeline

Published: May 12, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-21131?

Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

How severe is CVE-2022-21131?

CVE-2022-21131 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.

How do I fix CVE-2022-21131?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-21131?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST