Page 3 of 67 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1346EXPL: 0

CVE-2021-33123

https://notcve.org/view.php?id=CVE-2021-33123

Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. Un control de acceso inapropiado en el módulo de código autenticado de la BIOS para algunos procesadores Intel(R) puede permitir que un usuario privilegiado permita potencialmente una escalada de privilegios por medio del acceso local • https://security.netapp.com/advisory/ntap-20220818-0003 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html •

CVSS: 5.5EPSS: 0%CPEs: 292EXPL: 0

CVE-2022-21136

https://notcve.org/view.php?id=CVE-2022-21136

Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access. Una comprobación de entrada inapropiada para algunos procesadores Intel(R) Xeon(R) puede permitir que un usuario privilegiado permita potencialmente la denegación de servicio por medio del acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.html • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 292EXPL: 0

CVE-2022-21131

https://notcve.org/view.php?id=CVE-2022-21131

Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Un control de acceso inapropiado para algunos procesadores Intel(R) Xeon(R) puede permitir que un usuario autenticado permita potencialmente una divulgación de información por medio del acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.html •

CVSS: 6.5EPSS: 0%CPEs: 458EXPL: 0

CVE-2022-0001 – hw: cpu: intel: Branch History Injection (BHI)

https://notcve.org/view.php?id=CVE-2022-0001

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. La compartición no transparente de selectores de predicción de rama entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente una divulgación de información por medio del acceso local A flaw was found in hw. The Branch History Injection (BHI) describes a specific form of intra-mode BTI. This flaw allows an unprivileged attacker to manipulate the branch history before transitioning to supervisor or VMX root mode. This issue is an effort to cause an indirect branch predictor to select a specific predictor entry for an indirect branch, and a disclosure gadget at the predicted target will transiently execute. • http://www.openwall.com/lists/oss-security/2022/03/18/2 https://security.netapp.com/advisory/ntap-20220818-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html https://www.kb.cert.org/vuls/id/155143 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-0001 https://bugzilla.redhat.com/show_bug.cgi?id=2061712 •

CVSS: 6.5EPSS: 0%CPEs: 504EXPL: 0

CVE-2022-0002 – hw: cpu: intel: Intra-Mode BTI

https://notcve.org/view.php?id=CVE-2022-0002

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. La compartición no transparente de selectores de predicción de rama dentro de un contexto en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente una divulgación de información por medio del acceso local A flaw was found in hw. The Intra-mode BTI refers to a variant of Branch Target Injection aka SpectreV2 (BTI) where an indirect branch speculates to an aliased predictor entry for a different indirect branch in the same predictor mode, and a disclosure gadget at the predicted target transiently executes. These predictor entries may contain targets corresponding to the targets of an indirect near jump, indirect near call, and near return instructions, even if these branches were only transiently executed. The managed runtimes provide an attacker with the means to create the aliasing required for intra-mode BTI attacks. • http://www.openwall.com/lists/oss-security/2022/03/18/2 https://security.netapp.com/advisory/ntap-20220818-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-0002 https://bugzilla.redhat.com/show_bug.cgi?id=2061721 •