CVE Vulnerabilities

CVE-2022-33972

Incorrect Calculation

Published: Feb 16, 2023 | Modified: Mar 06, 2023
CVSS 3.x
4.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
6.1 MODERATE
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
Ubuntu
MEDIUM

Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access.

Weakness

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

Name Vendor Start Version End Version
Xeon_gold_5315y_firmware Intel - (including) - (including)
Intel-microcode Ubuntu bionic *
Intel-microcode Ubuntu devel *
Intel-microcode Ubuntu esm-infra-legacy/trusty *
Intel-microcode Ubuntu esm-infra/xenial *
Intel-microcode Ubuntu focal *
Intel-microcode Ubuntu jammy *
Intel-microcode Ubuntu kinetic *
Intel-microcode Ubuntu trusty *
Intel-microcode Ubuntu trusty/esm *
Intel-microcode Ubuntu xenial *

Potential Mitigations

  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

References