Bug 2090237 (CVE-2022-21123)

Summary: CVE-2022-21123 hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, bhu, bskeggs, chwhite, crwood, ddepaula, debarbos, dhoward, dvlasenk, esyr, fhrbata, fpacheco, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jferlan, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, kyoshida, lgoncalv, linville, lzampier, masami256, mchehab, nmurray, ptalbert, qzhao, rvrbovsk, scweaver, security-response-team, skozina, steved, vkumar, walters, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some IntelĀ® Processors may allow an authenticated user to enable information disclosure via local access.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-14 12:18:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2090245, 2090246, 2090247, 2090248, 2090249, 2090251, 2090252, 2090253, 2090254, 2090256, 2090257, 2110368, 2110369, 2110370, 2110380, 2110381, 2110382, 2110383, 2110384, 2110385, 2110386, 2110387, 2110388, 2110389, 2110390, 2110391, 2110392, 2110393, 2110394, 2110395, 2110396, 2110397, 2110398, 2110400, 2110401, 2110402, 2110403    
Bug Blocks: 2004886    

Description Petr Matousek 2022-05-25 12:30:42 UTC 
Some processors do not properly clean up and remove temporary or supporting resources after they have been used.

References:

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html
Comment 13 errata-xmlrpc 2022-08-09 11:50:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:5937 https://access.redhat.com/errata/RHSA-2022:5937
Comment 14 errata-xmlrpc 2022-08-09 11:52:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:5939 https://access.redhat.com/errata/RHSA-2022:5939
Comment 15 errata-xmlrpc 2022-09-13 09:40:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6437 https://access.redhat.com/errata/RHSA-2022:6437
Comment 16 errata-xmlrpc 2022-09-13 09:45:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6460 https://access.redhat.com/errata/RHSA-2022:6460
Comment 17 errata-xmlrpc 2022-10-11 12:31:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6872 https://access.redhat.com/errata/RHSA-2022:6872
Comment 18 errata-xmlrpc 2022-10-18 08:05:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6991 https://access.redhat.com/errata/RHSA-2022:6991
Comment 19 errata-xmlrpc 2022-10-18 08:14:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6983 https://access.redhat.com/errata/RHSA-2022:6983
Comment 20 errata-xmlrpc 2022-11-01 14:17:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:7279 https://access.redhat.com/errata/RHSA-2022:7279
Comment 21 errata-xmlrpc 2022-11-01 14:17:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:7280 https://access.redhat.com/errata/RHSA-2022:7280
Comment 22 errata-xmlrpc 2022-11-15 09:45:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7933 https://access.redhat.com/errata/RHSA-2022:7933
Comment 23 errata-xmlrpc 2022-11-15 10:48:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8267 https://access.redhat.com/errata/RHSA-2022:8267
Comment 24 errata-xmlrpc 2022-12-13 16:05:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8973 https://access.redhat.com/errata/RHSA-2022:8973
Comment 25 errata-xmlrpc 2022-12-13 16:06:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8974 https://access.redhat.com/errata/RHSA-2022:8974
Comment 26 Product Security DevOps Team 2022-12-14 12:18:33 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-21123