CVE-2022-40982
Last modified
CVE-2022-40982 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. EPSS estimates a 3.91% chance of exploitation in the next 30 days.
Description
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Enterprise Linux | 6.0 |
| Red Hat | Enterprise Linux | 7.0 |
| Red Hat | Enterprise Linux | 8.0 |
| Red Hat | Enterprise Linux | 9.0 |
| Xen | Xen | All versions |
| Intel | Microcode | < 20230808 |
| Intel | Xeon E-2314 Firmware | All versions |
| Intel | Xeon E-2324g Firmware | All versions |
| Intel | Xeon E-2334 Firmware | All versions |
| Intel | Xeon E-2374g Firmware | All versions |
| Intel | Xeon E-2336 Firmware | All versions |
| Intel | Xeon E-2356g Firmware | All versions |
| Intel | Xeon E-2386g Firmware | All versions |
| Intel | Xeon E-2378 Firmware | All versions |
| Intel | Xeon E-2378g Firmware | All versions |
| Intel | Xeon E-2388g Firmware | All versions |
| Intel | Xeon W-1350 Firmware | All versions |
| Intel | Xeon W-1350p Firmware | All versions |
| Intel | Xeon W-1370 Firmware | All versions |
| Intel | Xeon W-1370p Firmware | All versions |
| Intel | Xeon W-1390t Firmware | All versions |
| Intel | Xeon W-1390 Firmware | All versions |
| Intel | Xeon W-1390p Firmware | All versions |
| Intel | Core I9-11900t Firmware | All versions |
| Intel | Core I9-11900f Firmware | All versions |
| Intel | Core I9-11900 Firmware | All versions |
| Intel | Core I9-11900kf Firmware | All versions |
| Intel | Core I9-11900k Firmware | All versions |
| Intel | Core I7-11700t Firmware | All versions |
| Intel | Core I7-11700f Firmware | All versions |
| Intel | Core I7-11700 Firmware | All versions |
| Intel | Core I7-11700kf Firmware | All versions |
| Intel | Core I7-11700k Firmware | All versions |
| Intel | Core I5-11400t Firmware | All versions |
| Intel | Core I5-11400f Firmware | All versions |
| Intel | Core I5-11400 Firmware | All versions |
| Intel | Core I5-11500t Firmware | All versions |
| Intel | Core I5-11500 Firmware | All versions |
| Intel | Core I5-11600t Firmware | All versions |
| Intel | Core I5-11600 Firmware | All versions |
| Intel | Core I5-11600kf Firmware | All versions |
| Intel | Core I5-11600k Firmware | All versions |
| Intel | Celeron G5900t Firmware | All versions |
| Intel | Celeron G5920 Firmware | All versions |
| Intel | Celeron G5900 Firmware | All versions |
| Intel | Celeron G5925 Firmware | All versions |
| Intel | Celeron G5905t Firmware | All versions |
| Intel | Celeron G5905 Firmware | All versions |
| Intel | Pentium Gold G6500t Firmware | All versions |
| Intel | Pentium Gold G6600 Firmware | All versions |
Showing 50 of 539 affected configurations. See NVD for the full list.
References
- http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html (Exploit, Mitigation, Vendor Advisory)
- https://access.redhat.com/solutions/7027704 (Third Party Advisory)
- https://aws.amazon.com/security/security-bulletins/AWS-2023-007/ (Third Party Advisory)
- https://downfall.page (Exploit, Technical Description, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html (Mailing List, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20230811-0001/ (Third Party Advisory)
- https://www.debian.org/security/2023/dsa-5474 (Mailing List, Third Party Advisory)
- https://www.debian.org/security/2023/dsa-5475 (Mailing List, Third Party Advisory)
- https://xenbits.xen.org/xsa/advisory-435.html (Mitigation, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
