#VU64377 Input validation error in Intel products - CVE-2022-21180
Published: June 14, 2022
Vulnerability identifier: #VU64377
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-21180
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel Xeon E Processors
6th Generation Intel Core Processors
Intel Xeon W Processors
Intel Core X-series Processors
10th Generation Intel Core Processors
11th Generation Intel Core Processors
8th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processor 5000 Series
Intel Celeron Processors
7th Generation Intel Core Processors
Intel Pentium Processors
Intel Celeron Processor G Series
9th Generation Intel Core Processors
Intel Xeon E Processors
6th Generation Intel Core Processors
Intel Xeon W Processors
Intel Core X-series Processors
10th Generation Intel Core Processors
11th Generation Intel Core Processors
8th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processor 5000 Series
Intel Celeron Processors
7th Generation Intel Core Processors
Intel Pentium Processors
Intel Celeron Processor G Series
9th Generation Intel Core Processors
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in Memory Mapped I/O (MMIO) for some 14nm Client/Xeon E3 Intel® Processors. A local user can pass specially crafted input and perform a denial of service (DoS) attack in certain virtualized environments.
Remediation
Install updates from vendor's website.