SB2022051077 - Fedora 35 update for microcode_ctl

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022051077

SB2022051077 - Fedora 35 update for microcode_ctl

Published: May 10, 2022

Security Bulletin ID SB2022051077
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Physical access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2022-0005)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to sensitive information becomes accessible by physical probing of JTAG interface in the Intel Software Guard Extensions (SGX) Platform. An attacker with physical access to the affected device can gain access to sensitive data.


2) Improper access control (CVE-ID: CVE-2022-21131)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions. A local user can gain access to sensitive information.


3) Input validation error (CVE-ID: CVE-2022-21136)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local privileged user can perform a denial of service (DoS) attack.


4) Information disclosure (CVE-ID: CVE-2022-21151)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error during processor optimization removal or modification of security-critical code. A local privileged user can gain access to potentially sensitive information.


Remediation

Install update from vendor's website.

References