CVE-2022-24436 An attacker can potentially access information if they can throttle some Intel Processors.

CVE-2022-24436 An attacker can potentially access information if they can throttle some Intel Processors.

The issue is present in some of the Intel(R) processors, including the Intel(R) Core(TM) i5-8XXX, Intel(R) Core(TM) i5-9XXX, Intel(R) Pentium(R) G4500, Intel(R) Celeron(R) G3900, Intel(R) Pentium(R) G5500, Intel(R) Celeron(R) 3500, Intel(R) Pentium(R) Gold G5400, Intel(R) Pentium(R) Gold G5500, Intel(R) Pentium(R) Gold G5700, Intel(R) Pentium(R) Silver B6000, Intel(R) Pentium(R) Silver B6800, Intel(R) Pentium(R) Silver B6900, Intel(R) Pentium(R) Silver 5100, Intel(R) Pentium(R) Silver 5200, Intel(R) Pentium(R) Silver 5300, Intel(R) Pentium(R) Silver 5500, Intel(R) Pentium(R) Silver 5600, Intel(R) Pentium(R) Gold 5500, Intel(R) Pentium(R) Gold 5600, Intel(R) Pentium(R) Gold 5700, Intel(R) Pentium(R) Gold 5800, Intel(R

Intel processors with Intel Active Management Technology (AMT)

Intel processors with Intel Active Management Technology (AMT) versions 10.1, 11.0, 11.5, and 12.0 are vulnerable to a security vulnerability that could allow an unprivileged attacker to gain total control over the system.
This vulnerability is known as CVE-2022-24436 and affects some of the Intel(R) processors, including the Intel(R) Core(TM) i5-8XXX, Intel(R) Core(TM) i5-9XXX, Intel(R) Pentium(R) G4500, Intel(R) Celeron(R) G3900, Intel(R) Pentium(R) G5500, Intel(R) Celeron(R) 3500, Intel(R) Pentium(R) Gold G5400, Intel(R) Pentium(R) Gold G5500,
Intel® Pentium® Gold 5500 Dual Core Processor for Desktop systems (3.10GHz/4MB),
Intel® Pentium® Silver B6000 Dual Core Processor for Desktop systems (2.10GHz/4MB),
Intel® Pentium® Silver 5100 Dual Core Processor for Desktop systems (2.10GHz/4MB),
Intel® Pentium® Silver 5200 Dual Core Processor for Desktop systems (2.50GHz/4MB),
Intel® Pentium® Silver 5300 Dual Core Processor for Desktop

References:

Security Update Advisory CVE-2022-24436
https://www.intel.com/content/www/us/en/security-center/advisory/CVE-2022-24436.html
https://software.intel.com/en-us/articles/security-update-advisory-for-hostile-external-attackers
https://software.intel.com/en-us/articles/security-update-advisory

Fixed in Intel-SA-00086

Sandy Bridge, Intel(R) Core(TM) i7-2700K, Intel(R) Core(TM) i7-3770K, Intel(R) Core(TM) i7-4770K

Mitigation techniques

After Intel had been notified of the issue, they released a BIOS update that mitigated the issue on the affected processors. For more information, see the following articles:

http://www.intel.com/content/www/us/en/support-service/00000247.html
http://www.intel.com/content/www/us/en/support-service/00004608.html

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe