CVE-2022-24436

CVSS 6.5 MEDIUMEPSS 12.0%CWE-203

In short

Some Intel processors have a flaw in their power management system that could let authenticated users discover sensitive information over the network. This happens because the processor's throttling behavior can reveal internal data patterns.

Technical detail

CWE-203 observable behavior in Intel processor power management throttling allows authenticated attackers to infer sensitive information through side-channel analysis of CPU frequency scaling patterns. The vulnerability requires network access and valid authentication credentials; exploitability depends on the attacker's ability to monitor and correlate throttling behavior with computational operations.

Summary generated and translated by AI from the official description.

Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · Intel(R) Processors

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.netapp.com/advisory/ntap-20220624-0007/https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html