CVE-2022-0001

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Published: 2022-03-11 Last update: 2025-05-05 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2022-0001 is rated Moderate Risk (44.3/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.29%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-0001

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-05-23 0.36% 0.29% -0.08%
2 2026-05-12 0.29% 0.36% +0.08%
3 2026-04-08 0.29%

Full EPSS history (20 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-0001

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.5 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 2.0 4.0 [email protected]
6.5 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 2.0 4.0 134c704f-9b21-4f2e-91b3-4a467353bcc0
2.1 2.0 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 3.9 2.9 [email protected]

Weakness enumeration for CVE-2022-0001

OS Trackers for CVE-2022-0001

vendor priority summary link
debian not yet assigned CVE-2022-0001 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2022-0001
redhat medium https://access.redhat.com/security/cve/CVE-2022-0001
suse medium https://www.suse.com/security/cve/CVE-2022-0001/
ubuntu high CVE-2022-0001 high priority: Ubuntu including 167 source packages (linux, linux-allwinner, …), 2042 status rows across 15 suites (bionic, focal, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1576, released 216, not-affected 192, ignored 56, needed 2. https://ubuntu.com/security/CVE-2022-0001

Affected software / configurations for CVE-2022-0001

Vendor Product Version Raw CPE
intel atom_p5921b cpe:2.3:h:intel:atom_p5921b:-:*:*:*:*:*:*:*
intel atom_p5931b cpe:2.3:h:intel:atom_p5931b:-:*:*:*:*:*:*:*
intel atom_p5942b cpe:2.3:h:intel:atom_p5942b:-:*:*:*:*:*:*:*
intel atom_p5962b cpe:2.3:h:intel:atom_p5962b:-:*:*:*:*:*:*:*
intel atom_x6200fe cpe:2.3:h:intel:atom_x6200fe:-:*:*:*:*:*:*:*
intel atom_x6211e cpe:2.3:h:intel:atom_x6211e:-:*:*:*:*:*:*:*
intel atom_x6212re cpe:2.3:h:intel:atom_x6212re:-:*:*:*:*:*:*:*
intel atom_x6413e cpe:2.3:h:intel:atom_x6413e:-:*:*:*:*:*:*:*
intel atom_x6425e cpe:2.3:h:intel:atom_x6425e:-:*:*:*:*:*:*:*
intel atom_x6425re cpe:2.3:h:intel:atom_x6425re:-:*:*:*:*:*:*:*
intel atom_x6427fe cpe:2.3:h:intel:atom_x6427fe:-:*:*:*:*:*:*:*
intel celeron_5305u cpe:2.3:h:intel:celeron_5305u:-:*:*:*:*:*:*:*
intel celeron_6305 cpe:2.3:h:intel:celeron_6305:-:*:*:*:*:*:*:*
intel celeron_6305e cpe:2.3:h:intel:celeron_6305e:-:*:*:*:*:*:*:*
intel celeron_6600he cpe:2.3:h:intel:celeron_6600he:-:*:*:*:*:*:*:*
intel celeron_g5205u cpe:2.3:h:intel:celeron_g5205u:-:*:*:*:*:*:*:*
intel celeron_g5305u cpe:2.3:h:intel:celeron_g5305u:-:*:*:*:*:*:*:*
intel celeron_g5900 cpe:2.3:h:intel:celeron_g5900:-:*:*:*:*:*:*:*
intel celeron_g5900t cpe:2.3:h:intel:celeron_g5900t:-:*:*:*:*:*:*:*
intel celeron_g5905 cpe:2.3:h:intel:celeron_g5905:-:*:*:*:*:*:*:*
intel celeron_g5905t cpe:2.3:h:intel:celeron_g5905t:-:*:*:*:*:*:*:*
intel celeron_g5920 cpe:2.3:h:intel:celeron_g5920:-:*:*:*:*:*:*:*
intel celeron_g5925 cpe:2.3:h:intel:celeron_g5925:-:*:*:*:*:*:*:*
intel celeron_g6900 cpe:2.3:h:intel:celeron_g6900:-:*:*:*:*:*:*:*
intel celeron_g6900t cpe:2.3:h:intel:celeron_g6900t:-:*:*:*:*:*:*:*
intel celeron_j4005 cpe:2.3:h:intel:celeron_j4005:-:*:*:*:*:*:*:*
intel celeron_j4025 cpe:2.3:h:intel:celeron_j4025:-:*:*:*:*:*:*:*
intel celeron_j4105 cpe:2.3:h:intel:celeron_j4105:-:*:*:*:*:*:*:*
intel celeron_j4125 cpe:2.3:h:intel:celeron_j4125:-:*:*:*:*:*:*:*
intel celeron_j6413 cpe:2.3:h:intel:celeron_j6413:-:*:*:*:*:*:*:*
intel celeron_n4000 cpe:2.3:h:intel:celeron_n4000:-:*:*:*:*:*:*:*
intel celeron_n4020 cpe:2.3:h:intel:celeron_n4020:-:*:*:*:*:*:*:*
intel celeron_n4100 cpe:2.3:h:intel:celeron_n4100:-:*:*:*:*:*:*:*
intel celeron_n4120 cpe:2.3:h:intel:celeron_n4120:-:*:*:*:*:*:*:*
intel celeron_n4500 cpe:2.3:h:intel:celeron_n4500:-:*:*:*:*:*:*:*
intel celeron_n4504 cpe:2.3:h:intel:celeron_n4504:-:*:*:*:*:*:*:*
intel celeron_n5100 cpe:2.3:h:intel:celeron_n5100:-:*:*:*:*:*:*:*
intel celeron_n5105 cpe:2.3:h:intel:celeron_n5105:-:*:*:*:*:*:*:*
intel celeron_n6211 cpe:2.3:h:intel:celeron_n6211:-:*:*:*:*:*:*:*
intel core_i3-1000g1 cpe:2.3:h:intel:core_i3-1000g1:-:*:*:*:*:*:*:*
intel core_i3-1000g4 cpe:2.3:h:intel:core_i3-1000g4:-:*:*:*:*:*:*:*
intel core_i3-1005g1 cpe:2.3:h:intel:core_i3-1005g1:-:*:*:*:*:*:*:*
intel core_i3-10100 cpe:2.3:h:intel:core_i3-10100:-:*:*:*:*:*:*:*
intel core_i3-10100f cpe:2.3:h:intel:core_i3-10100f:-:*:*:*:*:*:*:*
intel core_i3-10100t cpe:2.3:h:intel:core_i3-10100t:-:*:*:*:*:*:*:*
intel core_i3-10100te cpe:2.3:h:intel:core_i3-10100te:-:*:*:*:*:*:*:*
intel core_i3-10105 cpe:2.3:h:intel:core_i3-10105:-:*:*:*:*:*:*:*
intel core_i3-10105f cpe:2.3:h:intel:core_i3-10105f:-:*:*:*:*:*:*:*
intel core_i3-10105t cpe:2.3:h:intel:core_i3-10105t:-:*:*:*:*:*:*:*
intel core_i3-10110u cpe:2.3:h:intel:core_i3-10110u:-:*:*:*:*:*:*:*
intel core_i3-10300 cpe:2.3:h:intel:core_i3-10300:-:*:*:*:*:*:*:*
intel core_i3-10300t cpe:2.3:h:intel:core_i3-10300t:-:*:*:*:*:*:*:*
intel core_i3-10305 cpe:2.3:h:intel:core_i3-10305:-:*:*:*:*:*:*:*
intel core_i3-10305t cpe:2.3:h:intel:core_i3-10305t:-:*:*:*:*:*:*:*
intel core_i3-10320 cpe:2.3:h:intel:core_i3-10320:-:*:*:*:*:*:*:*
intel core_i3-10325 cpe:2.3:h:intel:core_i3-10325:-:*:*:*:*:*:*:*
intel core_i3-11100he cpe:2.3:h:intel:core_i3-11100he:-:*:*:*:*:*:*:*
intel core_i3-1110g4 cpe:2.3:h:intel:core_i3-1110g4:-:*:*:*:*:*:*:*
intel core_i3-1115g4 cpe:2.3:h:intel:core_i3-1115g4:-:*:*:*:*:*:*:*
intel core_i3-1115g4e cpe:2.3:h:intel:core_i3-1115g4e:-:*:*:*:*:*:*:*
intel core_i3-1115gre cpe:2.3:h:intel:core_i3-1115gre:-:*:*:*:*:*:*:*
intel core_i3-1120g4 cpe:2.3:h:intel:core_i3-1120g4:-:*:*:*:*:*:*:*
intel core_i3-1125g4 cpe:2.3:h:intel:core_i3-1125g4:-:*:*:*:*:*:*:*
intel core_i3-12100 cpe:2.3:h:intel:core_i3-12100:-:*:*:*:*:*:*:*
intel core_i3-12100f cpe:2.3:h:intel:core_i3-12100f:-:*:*:*:*:*:*:*
intel core_i3-12100t cpe:2.3:h:intel:core_i3-12100t:-:*:*:*:*:*:*:*
intel core_i3-1220p cpe:2.3:h:intel:core_i3-1220p:-:*:*:*:*:*:*:*
intel core_i3-12300 cpe:2.3:h:intel:core_i3-12300:-:*:*:*:*:*:*:*
intel core_i3-12300t cpe:2.3:h:intel:core_i3-12300t:-:*:*:*:*:*:*:*
intel core_i3-l13g4 cpe:2.3:h:intel:core_i3-l13g4:-:*:*:*:*:*:*:*
intel core_i5-10110y cpe:2.3:h:intel:core_i5-10110y:-:*:*:*:*:*:*:*
intel core_i5-10200h cpe:2.3:h:intel:core_i5-10200h:-:*:*:*:*:*:*:*
intel core_i5-10210u cpe:2.3:h:intel:core_i5-10210u:-:*:*:*:*:*:*:*
intel core_i5-10210y cpe:2.3:h:intel:core_i5-10210y:-:*:*:*:*:*:*:*
intel core_i5-10300h cpe:2.3:h:intel:core_i5-10300h:-:*:*:*:*:*:*:*
intel core_i5-1030g4 cpe:2.3:h:intel:core_i5-1030g4:-:*:*:*:*:*:*:*
intel core_i5-1030g7 cpe:2.3:h:intel:core_i5-1030g7:-:*:*:*:*:*:*:*
intel core_i5-10310y cpe:2.3:h:intel:core_i5-10310y:-:*:*:*:*:*:*:*
intel core_i5-1035g1 cpe:2.3:h:intel:core_i5-1035g1:-:*:*:*:*:*:*:*
intel core_i5-1035g4 cpe:2.3:h:intel:core_i5-1035g4:-:*:*:*:*:*:*:*

References for CVE-2022-0001

cvelogic Threat Intelligence