CVE-2022-21123 An attacker can potentially access information on the local machine if the CPU does not clean up its shared memory correctly.
Multiple memory corruption issues were addressed with improved memory handling.
An authenticated user can issue a malicious application with root access privileged instructions to inject into the memory of another process. This may potentially lead to information disclosure.
In a shared memory environment, a malicious local application may be able to read data from other shared processes, leading to information disclosure.
Addressed issues where the handling of unaligned memory accesses leads to information disclosure.
An authenticated user may obtain potentially sensitive information from uninitialized variables.
Addressed issues where privileged instructions in a malicious application may be executed, leading to information disclosure.
In a shared memory environment, an authenticated user may obtain potentially sensitive information from uninitialized memory data.
Addressed an information disclosure issue where privileged instructions in a malicious application may be executed, leading to information disclosure.
Addressed issues where multi-core shared memory may be corrupted, leading to information disclosure.
Addressed an information disclosure issue where privileged instructions in a malicious application may be executed, leading to information disclosure.
Addressed an information disclosure issue where privileged instructions in a malicious application may be executed, leading to information disclosure.
CVE-2022-21124
Multiple memory corruption issues were addressed with improved memory handling.
An authenticated user can issue a malicious application with root access privileged instructions to inject into the memory of another process. This may potentially lead to information disclosure.
In a shared memory environment, a malicious local application may be able to read data from other shared processes, leading to information disclosure.
Addressed issues where the handling of unaligned memory accesses leads to information disclosure.
An authenticated user may obtain potentially sensitive information from uninitialized variables.
Addressed an information disclosure issue where privileged instructions in a malicious application may be executed, leading to information disclosure. In a shared memory environment, an authenticated user may obtain potentially sensitive information from uninitialized memory data.  Addressed an information disclosure issue where privileged instructions in a malicious application may be executed, leading to information disclosure.
Timeline
Published on: 06/15/2022 20:15:00 UTC
Last modified on: 08/19/2022 12:55:00 UTC
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
- http://www.openwall.com/lists/oss-security/2022/06/16/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/
- https://security.netapp.com/advisory/ntap-20220624-0008/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://www.debian.org/security/2022/dsa-5173
- https://www.debian.org/security/2022/dsa-5178
- https://www.debian.org/security/2022/dsa-5184
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- https://security.gentoo.org/glsa/202208-23
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21123