#VU63528 Information disclosure in Intel products - CVE-2022-0005
Published: May 23, 2022
Vulnerability identifier: #VU63528
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-0005
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
6th Generation Intel Core Processors
Intel Xeon E Processors
3rd Generation Intel Xeon Scalable Processors
10th Generation Intel Core Processors
8th Generation Intel Core Processors
7th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processor 5000 Series
Intel Celeron Processor G Series
Intel Xeon W Processors
Intel Celeron Processors
11th Generation Intel Core Processors
Intel Core X-series Processors
9th Generation Intel Core Processors
6th Generation Intel Core Processors
Intel Xeon E Processors
3rd Generation Intel Xeon Scalable Processors
10th Generation Intel Core Processors
8th Generation Intel Core Processors
7th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processor 5000 Series
Intel Celeron Processor G Series
Intel Xeon W Processors
Intel Celeron Processors
11th Generation Intel Core Processors
Intel Core X-series Processors
9th Generation Intel Core Processors
Software vendor:
Intel
Intel
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to sensitive information becomes accessible by physical probing of JTAG interface in the Intel Software Guard Extensions (SGX) Platform. An attacker with physical access to the affected device can gain access to sensitive data.
Remediation
Install updates from vendor's website.