CVE-2022-21233

Home/CVE/Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable inf

CVE

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable inf

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

MEDIUM · CVSS 5.5 EPSS 0.00143

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

▤

Affected Products & Versions

intel pentium j4205 firmwareall versions
intel pentium n4200 firmwareall versions
intel pentium n4200e firmwareall versions
intel celeron j3455 firmwareall versions
intel celeron j3355 firmwareall versions
intel celeron j3455e firmwareall versions
intel celeron j3355e firmwareall versions
intel celeron n3450 firmwareall versions
Show all 60 affected productsintel celeron n3350 firmwareall versions
intel celeron n3350e firmwareall versions
intel atom x5-a3930 firmwareall versions
intel atom x5-a3940 firmwareall versions
intel atom x5-a3950 firmwareall versions
intel atom x5-a3960 firmwareall versions
intel atom x5-e3940 firmwareall versions
intel atom x5-e3930 firmwareall versions
intel atom x7-e3950 firmwareall versions
intel atom c3308 firmwareall versions
intel atom c3336 firmwareall versions
intel atom c3338 firmwareall versions
intel atom c3338r firmwareall versions
intel atom c3436l firmwareall versions
intel atom c3508 firmwareall versions
intel atom c3538 firmwareall versions
intel atom c3558 firmwareall versions
intel atom c3558r firmwareall versions
intel atom c3558rc firmwareall versions
intel atom c3708 firmwareall versions
intel atom c3750 firmwareall versions
intel atom c3758 firmwareall versions
intel atom c3758r firmwareall versions
intel atom c3808 firmwareall versions
intel atom c3830 firmwareall versions
intel atom c3850 firmwareall versions
intel atom c3858 firmwareall versions
intel atom c3950 firmwareall versions
intel atom c3958 firmwareall versions
intel atom c3955 firmwareall versions
intel xeon platinum 8300 firmwareall versions
intel xeon gold 6300 firmwareall versions
intel xeon gold 5300 firmwareall versions
intel xeon silver 4300 firmwareall versions
intel xeon d-1513n firmwareall versions
intel xeon d-1518 firmwareall versions
intel xeon d-1520 firmwareall versions
intel xeon d-1521 firmwareall versions
intel xeon d-1523n firmwareall versions
intel xeon d-1524n firmwareall versions
intel xeon d-1527 firmwareall versions
intel xeon d-1528 firmwareall versions
intel xeon d-1529 firmwareall versions
intel xeon d-1531 firmwareall versions
intel xeon d-1533n firmwareall versions
intel xeon d-1537 firmwareall versions
intel xeon d-1539 firmwareall versions
intel xeon d-1540 firmwareall versions
intel xeon d-1541 firmwareall versions
intel xeon d-1543n firmwareall versions
intel xeon d-1548 firmwareall versions
intel xeon d-1553n firmwareall versions

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · secure@intel.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD18 Aug 2022 · 08:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

Technical impact

partial

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

suse-csafopenSUSE-SU-2024:12254-1
siemens-csafSSA-831302
usnUSN-5612-1
suse-csafSUSE-SU-2022:2960-1
suse-csafSUSE-SU-2022:2960-2
Show all 12 vendor advisoriessuse-csafSUSE-SU-2022:2838-1
suse-csafSUSE-SU-2022:2842-1
suse-csafSUSE-SU-2022:2832-1
suse-csafSUSE-SU-2022:2833-1
rhsaRHSA-2022:5937Moderate
rhsaRHSA-2022:5939Moderate
cisa-csafcisa-csaf-csaf_files-OT-white-2023-icsa-23-166-10

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://lists.debian.org/debian-lts-announce/2023/04/msg00000.html

https://security.netapp.com/advisory/ntap-20220923-0002/Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.htmlMitigationVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin