CVE-2022-21123

MEDIUM

Xen < 1.14.100.3 - Information Disclosure

Title source: rule
STIX 2.1

Description

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

References (12)

Scores

CVSS v3 5.5
EPSS 0.0046
EPSS Percentile 64.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-459
Status published
Products (12)
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 35
fedoraproject/fedora 36
intel/sgx_dcap < 1.14.100.3 (2 CPE variants)
intel/sgx_psw < 2.16.100.3
intel/sgx_psw < 2.17.100.3
intel/sgx_sdk < 2.16.100.3
intel/sgx_sdk < 2.17.100.3
... and 2 more
Published Jun 15, 2022
Tracked Since Feb 18, 2026