CVSS: 6.5EPSS: 0%CPEs: 504EXPL: 0CVE-2022-0002 – hw: cpu: intel: Intra-Mode BTI
https://notcve.org/view.php?id=CVE-2022-0002
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. La compartición no transparente de selectores de predicción de rama dentro de un contexto en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente una divulgación de información por medio del acceso local A flaw was found in hw. The Intra-mode BTI refers to a variant of Branch Target Injection aka SpectreV2 (BTI) where an indirect branch speculates to an aliased predictor entry for a different indirect branch in the same predictor mode, and a disclosure gadget at the predicted target transiently executes. These predictor entries may contain targets corresponding to the targets of an indirect near jump, indirect near call, and near return instructions, even if these branches were only transiently executed. The managed runtimes provide an attacker with the means to create the aliasing required for intra-mode BTI attacks. • http://www.openwall.com/lists/oss-security/2022/03/18/2 https://security.netapp.com/advisory/ntap-20220818-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-0002 https://bugzilla.redhat.com/show_bug.cgi?id=2061721 •
CVSS: 5.5EPSS: 0%CPEs: 50EXPL: 0CVE-2021-33120
https://notcve.org/view.php?id=CVE-2021-33120
Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. Una lectura fuera de límites bajo una condición micro arquitectónica compleja en el subsistema de memoria para algunos procesadores Intel Atom(R) puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información o causar una denegación de servicio por medio del acceso a la red • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 548EXPL: 0CVE-2020-24486
https://notcve.org/view.php?id=CVE-2020-24486
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Una comprobación de entrada inapropiada en el firmware de algunos Intel® Processors puede permitir a un usuario autenticado permitir potencialmente una denegación de servicio por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://security.netapp.com/advisory/ntap-20210702-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 552EXPL: 0CVE-2020-12360
https://notcve.org/view.php?id=CVE-2020-12360
Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Una lectura fuera de límites en el firmware de algunos Intel® Processors puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://security.netapp.com/advisory/ntap-20210702-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 539EXPL: 0CVE-2021-0095
https://notcve.org/view.php?id=CVE-2021-0095
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. Una inicialización inapropiada en el firmware de algunos Intel® Processors puede habilitar a un usuario privilegiado para permitir potencialmente una denegación de servicio por medio de un acceso local • https://security.netapp.com/advisory/ntap-20210625-0009 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html • CWE-665: Improper Initialization •