CVE-2022-21166

Опубликовано: 14 июн. 2022

Источник: msrc

EPSS Низкий

Описание

Intel: CVE-2022-21166 Device Register Partial Write (DRPW)

FAQ

Why is this Intel CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and are not vulnerable to the issue when paired with the firmware update.

Please see the following for more information:

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5014752 5014743	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5014752 5014743	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5014752 5014743	Monthly Rollup Security Only
Windows 7 for 32-bit Systems Service Pack 1	5014748 5014742	Monthly Rollup Security Only
Windows 7 for x64-based Systems Service Pack 1	5014748 5014742	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5014748 5014742	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5014748 5014742	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5014752 5014743	Monthly Rollup Security Only
Windows Server 2012	5014747 5014741	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	5014747 5014741	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 61%

0.00419

Низкий

Связанные уязвимости

CVE-2022-21166

CVSS3: 5.5

ubuntu

около 3 лет назад

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21166

CVSS3: 5.5

redhat

около 3 лет назад

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21166

CVSS3: 5.5

nvd

около 3 лет назад

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21166

CVSS3: 5.5

debian

около 3 лет назад

Incomplete cleanup in specific special register write operations for s ...

BDU:2022-03600

CVSS3: 5.5

fstec

около 3 лет назад

Уязвимость набора средств разработки Intel Software Guard Extensions SDK, микропрограммного обеспечения Intel SGX DCAP, SGX PSW, PSW связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 61%

0.00419

Низкий