Main Vulnerability Database Vulnerabilities #VU72456

Incorrect default permissions in 3rd Generation Intel Xeon Scalable Processors and Intel Xeon D Processors - CVE-2022-33196

Published: February 21, 2023

Vulnerability identifier: #VU72456

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-33196

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Intel

Affected software:
3rd Generation Intel Xeon Scalable Processors
Intel Xeon D Processors

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for memory controller configurations for some Intel Xeon processors when using Intel Software Guard Extensions. A local user escalate privileges on the system.

How to mitigate CVE-2022-33196

Install updates from vendor's website.

Sources

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html

Incorrect default permissions in 3rd Generation Intel Xeon Scalable Processors and Intel Xeon D Processors - CVE-2022-33196

Detailed vulnerability description

How to mitigate CVE-2022-33196

Sources

Please verify you're human