CVE-2022-40982

MEDIUM

Intel(R) Processors - Info Disclosure

Title source: llm
STIX 2.1

Description

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

References (15)

Core 15
Core References
Exploit, Technical Description, Third Party Advisory
https://downfall.page
Mailing List, Third Party Advisory
https://www.debian.org/security/2023/dsa-5474
Mailing List, Third Party Advisory
https://www.debian.org/security/2023/dsa-5475
Mitigation, Third Party Advisory
https://xenbits.xen.org/xsa/advisory-435.html

Scores

CVSS v3 6.5
EPSS 0.0073
EPSS Percentile 72.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1342 CWE-203
Status published
Products (50)
debian/debian_linux 10.0
debian/debian_linux 11.0
debian/debian_linux 12.0
intel/celeron_5205u_firmware
intel/celeron_5305u_firmware
intel/celeron_g4900_firmware
intel/celeron_g4900t_firmware
intel/celeron_g4920_firmware
intel/celeron_g5900_firmware
intel/celeron_g5900t_firmware
... and 40 more
Published Aug 11, 2023
Tracked Since Feb 18, 2026