CVE-2022-21166

MEDIUM

Xen < 1.14.100.3 - Information Disclosure

Title source: rule
STIX 2.1

Description

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

References (12)

Scores

CVSS v3 5.5
EPSS 0.0019
EPSS Percentile 39.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-459
Status published
Products (12)
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 35
fedoraproject/fedora 36
intel/sgx_dcap < 1.14.100.3 (2 CPE variants)
intel/sgx_psw < 2.16.100.3
intel/sgx_psw < 2.17.100.3
intel/sgx_sdk < 2.16.100.3
intel/sgx_sdk < 2.17.100.3
... and 2 more
Published Jun 15, 2022
Tracked Since Feb 18, 2026