CVE-2022-24436
Publication date 15 June 2022
Last updated 24 July 2024
Ubuntu priority
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| intel-microcode | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
mdeslaur
Intel will not be fixing this issue with microcode updates. As of 2022-06-16, there are no software mitigations available to fix this issue.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Other references
- https://www.hertzbleed.com/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html
- https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/frequency-throttling-side-channel-guidance.html
- https://www.cve.org/CVERecord?id=CVE-2022-24436