CVE-2023-22329
https://notcve.org/view.php?id=CVE-2023-22329
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access. La validación de entrada incorrecta en el firmware del BIOS para Intel(R) Processors puede permitir que un usuario autenticado potencialmente habilite la denegación de servicio a través del acceso adyacente. • https://security.netapp.com/advisory/ntap-20231221-0008 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html • CWE-20: Improper Input Validation •
CVE-2023-25756
https://notcve.org/view.php?id=CVE-2023-25756
Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access. La lectura fuera de los límites en el firmware del BIOS para Intel(R) Processors puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a través del acceso adyacente. • https://security.netapp.com/advisory/ntap-20231221-0008 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html • CWE-125: Out-of-bounds Read •
CVE-2022-44611
https://notcve.org/view.php?id=CVE-2022-44611
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. Una validación de entrada inadecuada en el firmware de la BIOS para algunos procesadores Intel(R) puede permitir que un usuario con privilegios habilite potencialmente una escalada de privilegios a través de un acceso adyacente. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html https://security.netapp.com/advisory/ntap-20230824-0001 • CWE-20: Improper Input Validation •
CVE-2022-21233 – hw: cpu: Intel: Stale Data Read from legacy xAPIC vulnerability
https://notcve.org/view.php?id=CVE-2022-21233
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Un aislamiento inapropiado de los recursos compartidos en algunos procesadores Intel(R) puede permitir que un usuario privilegiado permita potencialmente la divulgación de información a través del acceso local. A flaw was found in hw. The APIC can operate in xAPIC mode (also known as a legacy mode), in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. This flaw allows an attacker who can execute code on a target CPU to query the APIC configuration page. • https://lists.debian.org/debian-lts-announce/2023/04/msg00000.html https://security.netapp.com/advisory/ntap-20220923-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html https://access.redhat.com/security/cve/CVE-2022-21233 https://bugzilla.redhat.com/show_bug.cgi?id=2115640 https://access.redhat.com/solutions/6971358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-0001 – hw: cpu: intel: Branch History Injection (BHI)
https://notcve.org/view.php?id=CVE-2022-0001
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. La compartición no transparente de selectores de predicción de rama entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente una divulgación de información por medio del acceso local A flaw was found in hw. The Branch History Injection (BHI) describes a specific form of intra-mode BTI. This flaw allows an unprivileged attacker to manipulate the branch history before transitioning to supervisor or VMX root mode. This issue is an effort to cause an indirect branch predictor to select a specific predictor entry for an indirect branch, and a disclosure gadget at the predicted target will transiently execute. • http://www.openwall.com/lists/oss-security/2022/03/18/2 https://security.netapp.com/advisory/ntap-20220818-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html https://www.kb.cert.org/vuls/id/155143 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-0001 https://bugzilla.redhat.com/show_bug.cgi?id=2061712 •