CVE-2021-0145
Published: 9 February 2022
Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
From the Ubuntu Security Team
Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. This may allow a local attacker to obtain sensitive information.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
intel-microcode Launchpad, Ubuntu, Debian |
bionic |
Released
(3.20220510.0ubuntu0.18.04.1)
|
| focal |
Released
(3.20220510.0ubuntu0.20.04.1)
|
|
| impish |
Released
(3.20220510.0ubuntu0.21.10.1)
|
|
| jammy |
Released
(3.20220510.0ubuntu0.22.04.1)
|
|
| kinetic |
Released
(3.20220207.1ubuntu1)
|
|
| trusty |
Ignored
(early microcode loading not allowed)
|
|
| upstream |
Released
(3.20220207.1)
|
|
| xenial |
Released
(3.20220510.0ubuntu0.16.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |