Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2022-2022-070

Related Vulnerabilities: CVE-2022-0005   CVE-2022-21131   CVE-2022-21136   CVE-2022-21151  

Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. (CVE-2022-0005) A flaw was found in hw. Improper access control for some Intel(R) Xeon(R) processors may potentially allow an authenticated user to enable information disclosure via local access. (CVE-2022-21131) A flaw was found in hw. Improper input validation for some Intel(R) Xeon(R) processors may allow a privileged user to enable a denial of service via local access. (CVE-2022-21136) A flaw was found in hw. Processor optimization removal or modification of security-critical code for some Intel(R) processors may potentially allow an authenticated user to enable information disclosure via local access. (CVE-2022-21151)

Source

ALAS2022-2022-070

Amazon Linux 2022 Security Advisory: ALAS-2022-070
Advisory Release Date: 2022-05-18 00:25 Pacific
Advisory Updated Date: 2022-05-19 18:15 Pacific
Severity: Medium
Issue Overview:

Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. (CVE-2022-0005)

A flaw was found in hw. Improper access control for some Intel(R) Xeon(R) processors may potentially allow an authenticated user to enable information disclosure via local access. (CVE-2022-21131)

A flaw was found in hw. Improper input validation for some Intel(R) Xeon(R) processors may allow a privileged user to enable a denial of service via local access. (CVE-2022-21136)

A flaw was found in hw. Processor optimization removal or modification of security-critical code for some Intel(R) processors may potentially allow an authenticated user to enable information disclosure via local access. (CVE-2022-21151)


Affected Packages:

microcode_ctl


Issue Correction:
Run dnf update --releasever=2022.0.20220518 microcode_ctl to update your system.

New Packages:
i686:
    microcode_ctl-2.1-51.amzn2022.i686

src:
    microcode_ctl-2.1-51.amzn2022.src

x86_64:
    microcode_ctl-2.1-51.amzn2022.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started