Rewterz Threat Advisory – Multiple Intel Products and Processors

Severity

High

Analysis Summary

CVE-2022-0002

Multiple Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by an issue with non-transparent sharing of branch predictor selectors between contexts. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-0001

Multiple Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by an issue with non-transparent sharing of branch predictor selectors between contexts. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2021-33150

Multiple Intel products could allow a physical attacker to gain elevated privileges on the system, caused by an issue with hardware allows activation of test or debug logic at runtime. By performing specially-crafted operations, an attacker could exploit this vulnerability to gain elevated privileges.

Impact

• Information Disclosure
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2022-0002
• CVE-2022-0001
• CVE-2021-33150

Affected Vendors

Intel

Affected Products

• Intel Xeon Scalable Processor
• Intel 6th Gen Core Processors
• Intel 7th Gen Core Processors
• Intel 8th Gen Core Processors
• Intel Atom Processor A Series

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.

INTEL-SA-00598

INTEL-SA-00609