Bug 2090241 (CVE-2022-21166)

Summary: CVE-2022-21166 hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, bhu, bskeggs, chwhite, crwood, ddepaula, debarbos, dhoward, dvlasenk, esyr, fhrbata, fpacheco, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jferlan, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, kyoshida, lgoncalv, linville, lzampier, masami256, mchehab, nmurray, ptalbert, qzhao, rvrbovsk, scweaver, security-response-team, skozina, steved, vkumar, walters, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in hw. Incomplete cleanup in specific special register write operations for some IntelĀ® Processors may allow an authenticated user to enable information disclosure via local access.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-14 13:18:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2090245, 2090246, 2090247, 2090248, 2090249, 2090251, 2090252, 2090253, 2090254, 2090256, 2090257, 2110380, 2110381, 2110382, 2110383, 2110384, 2110385, 2110386, 2110387, 2110388, 2110389, 2110390, 2110391, 2110392, 2110393, 2110394, 2110395, 2110396, 2110397, 2110398, 2110400, 2110401, 2110402, 2110403    
Bug Blocks: 2004886    

Description Petr Matousek 2022-05-25 12:39:29 UTC 
The product receives input or data, but it does not validate or incorrectly  validates that the input has the properties that are required to process the data safely and correctly.

References:

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html
Comment 8 errata-xmlrpc 2022-08-09 11:50:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:5937 https://access.redhat.com/errata/RHSA-2022:5937
Comment 9 errata-xmlrpc 2022-08-09 11:52:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:5939 https://access.redhat.com/errata/RHSA-2022:5939
Comment 10 errata-xmlrpc 2022-09-13 09:40:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6437 https://access.redhat.com/errata/RHSA-2022:6437
Comment 11 errata-xmlrpc 2022-09-13 09:45:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6460 https://access.redhat.com/errata/RHSA-2022:6460
Comment 12 errata-xmlrpc 2022-10-11 12:32:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6872 https://access.redhat.com/errata/RHSA-2022:6872
Comment 13 errata-xmlrpc 2022-10-18 08:08:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6991 https://access.redhat.com/errata/RHSA-2022:6991
Comment 14 errata-xmlrpc 2022-10-18 08:15:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6983 https://access.redhat.com/errata/RHSA-2022:6983
Comment 15 errata-xmlrpc 2022-11-01 14:17:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:7279 https://access.redhat.com/errata/RHSA-2022:7279
Comment 16 errata-xmlrpc 2022-11-01 14:19:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:7280 https://access.redhat.com/errata/RHSA-2022:7280
Comment 17 errata-xmlrpc 2022-11-15 09:45:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7933 https://access.redhat.com/errata/RHSA-2022:7933
Comment 18 errata-xmlrpc 2022-11-15 10:48:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8267 https://access.redhat.com/errata/RHSA-2022:8267
Comment 19 errata-xmlrpc 2022-12-13 16:05:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8973 https://access.redhat.com/errata/RHSA-2022:8973
Comment 20 errata-xmlrpc 2022-12-13 16:06:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8974 https://access.redhat.com/errata/RHSA-2022:8974
Comment 21 Product Security DevOps Team 2022-12-14 13:18:32 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-21166