#VU64365 Information disclosure in Intel products - CVE-2022-21125
Published: June 14, 2022 / Updated: July 20, 2022
Vulnerability identifier: #VU64365
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-21125
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel SGX DCAP for Linux
Intel SGX PSW for Linux
Intel SGX DCAP for Windows
Intel SGX PSW for Windows
Intel SGX SDK for Linux
Intel SGX SDK for Windows
Intel SGX DCAP for Linux
Intel SGX PSW for Linux
Intel SGX DCAP for Windows
Intel SGX PSW for Windows
Intel SGX SDK for Linux
Intel SGX SDK for Windows
Software vendor:
Intel
Intel
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Remediation
Install updates from vendor's website.