Observable Discrepancy

CVE-2022-40982

Medium

6.5/10

Summary

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. This vulnerability affects xen package versions prior to 4.14.6, 4.15.x prior to 4.15.5, 4.16.x prior to 4.16.5, and 4.17.x prior to 4.17.2.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-203 - Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

Advisory
Mail Thread
Disclosure

Advisory Timeline

Published Aug 11, 2023

Observable Discrepancy

CVE-2022-40982

Summary

CWE-203 - Observable Discrepancy

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS