CVE-2022-21131

Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: 2022-05-12 Last update: 2025-05-05 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2022-21131 is rated Low Risk (28.1/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.06%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-21131

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-17 0.04% 0.06% +0.02%
2 2023-03-07 0.89% 0.04% -0.84%
3 2022-05-13 0.89%

Full EPSS history (3 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-21131

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.5 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 1.8 3.6 [email protected]
5.5 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 1.8 3.6 134c704f-9b21-4f2e-91b3-4a467353bcc0
2.1 2.0 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 3.9 2.9 [email protected]

Weakness enumeration for CVE-2022-21131

OS Trackers for CVE-2022-21131

vendor priority summary link
redhat low https://access.redhat.com/security/cve/CVE-2022-21131
suse low CVE-2022-21131 severity low: SUSE including 1 source package names (ucode-intel), 62 product×package rows across 62 product lines (HPE Helion OpenStack 8, SUSE CaaS Platform 4.0, … (62 product lines)): Known Not Affected 62. https://www.suse.com/security/cve/CVE-2022-21131/

Affected software / configurations for CVE-2022-21131

Vendor Product Version Raw CPE
intel core_i9-7940x_firmware cpe:2.3:o:intel:core_i9-7940x_firmware:-:*:*:*:*:*:*:*
intel core_i9-7960x_firmware cpe:2.3:o:intel:core_i9-7960x_firmware:-:*:*:*:*:*:*:*
intel core_i9-7980xe_firmware cpe:2.3:o:intel:core_i9-7980xe_firmware:-:*:*:*:*:*:*:*
intel core_i9-7920x_firmware cpe:2.3:o:intel:core_i9-7920x_firmware:-:*:*:*:*:*:*:*
intel core_i9-7900x_firmware cpe:2.3:o:intel:core_i9-7900x_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6138p_firmware cpe:2.3:o:intel:xeon_gold_6138p_firmware:-:*:*:*:*:*:*:*
intel xeon_bronze_3104_firmware cpe:2.3:o:intel:xeon_bronze_3104_firmware:-:*:*:*:*:*:*:*
intel xeon_bronze_3106_firmware cpe:2.3:o:intel:xeon_bronze_3106_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_5115_firmware cpe:2.3:o:intel:xeon_gold_5115_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_5118_firmware cpe:2.3:o:intel:xeon_gold_5118_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_5119t_firmware cpe:2.3:o:intel:xeon_gold_5119t_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_5120_firmware cpe:2.3:o:intel:xeon_gold_5120_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_5120t_firmware cpe:2.3:o:intel:xeon_gold_5120t_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_5122_firmware cpe:2.3:o:intel:xeon_gold_5122_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6126_firmware cpe:2.3:o:intel:xeon_gold_6126_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6126f_firmware cpe:2.3:o:intel:xeon_gold_6126f_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6126t_firmware cpe:2.3:o:intel:xeon_gold_6126t_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6128_firmware cpe:2.3:o:intel:xeon_gold_6128_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6130_firmware cpe:2.3:o:intel:xeon_gold_6130_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6130f_firmware cpe:2.3:o:intel:xeon_gold_6130f_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6130t_firmware cpe:2.3:o:intel:xeon_gold_6130t_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6132_firmware cpe:2.3:o:intel:xeon_gold_6132_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6134_firmware cpe:2.3:o:intel:xeon_gold_6134_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6136_firmware cpe:2.3:o:intel:xeon_gold_6136_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6138_firmware cpe:2.3:o:intel:xeon_gold_6138_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6138f_firmware cpe:2.3:o:intel:xeon_gold_6138f_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6138t_firmware cpe:2.3:o:intel:xeon_gold_6138t_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6140_firmware cpe:2.3:o:intel:xeon_gold_6140_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6142_firmware cpe:2.3:o:intel:xeon_gold_6142_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6142f_firmware cpe:2.3:o:intel:xeon_gold_6142f_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6144_firmware cpe:2.3:o:intel:xeon_gold_6144_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6146_firmware cpe:2.3:o:intel:xeon_gold_6146_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6148_firmware cpe:2.3:o:intel:xeon_gold_6148_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6148f_firmware cpe:2.3:o:intel:xeon_gold_6148f_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6150_firmware cpe:2.3:o:intel:xeon_gold_6150_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6152_firmware cpe:2.3:o:intel:xeon_gold_6152_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6154_firmware cpe:2.3:o:intel:xeon_gold_6154_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8153_firmware cpe:2.3:o:intel:xeon_platinum_8153_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8156_firmware cpe:2.3:o:intel:xeon_platinum_8156_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8158_firmware cpe:2.3:o:intel:xeon_platinum_8158_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8160_firmware cpe:2.3:o:intel:xeon_platinum_8160_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8160f_firmware cpe:2.3:o:intel:xeon_platinum_8160f_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8160t_firmware cpe:2.3:o:intel:xeon_platinum_8160t_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8164_firmware cpe:2.3:o:intel:xeon_platinum_8164_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8168_firmware cpe:2.3:o:intel:xeon_platinum_8168_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8170_firmware cpe:2.3:o:intel:xeon_platinum_8170_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8176_firmware cpe:2.3:o:intel:xeon_platinum_8176_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8176f_firmware cpe:2.3:o:intel:xeon_platinum_8176f_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_8180_firmware cpe:2.3:o:intel:xeon_platinum_8180_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4108_firmware cpe:2.3:o:intel:xeon_silver_4108_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4109t_firmware cpe:2.3:o:intel:xeon_silver_4109t_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4110_firmware cpe:2.3:o:intel:xeon_silver_4110_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4112_firmware cpe:2.3:o:intel:xeon_silver_4112_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4114_firmware cpe:2.3:o:intel:xeon_silver_4114_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4114t_firmware cpe:2.3:o:intel:xeon_silver_4114t_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4116_firmware cpe:2.3:o:intel:xeon_silver_4116_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4116t_firmware cpe:2.3:o:intel:xeon_silver_4116t_firmware:-:*:*:*:*:*:*:*
intel xeon_bronze_3206r_firmware cpe:2.3:o:intel:xeon_bronze_3206r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_5218r_firmware cpe:2.3:o:intel:xeon_gold_5218r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_5220r_firmware cpe:2.3:o:intel:xeon_gold_5220r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6208u_firmware cpe:2.3:o:intel:xeon_gold_6208u_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6226r_firmware cpe:2.3:o:intel:xeon_gold_6226r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6230r_firmware cpe:2.3:o:intel:xeon_gold_6230r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6238r_firmware cpe:2.3:o:intel:xeon_gold_6238r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6240r_firmware cpe:2.3:o:intel:xeon_gold_6240r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6242r_firmware cpe:2.3:o:intel:xeon_gold_6242r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6246r_firmware cpe:2.3:o:intel:xeon_gold_6246r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6248r_firmware cpe:2.3:o:intel:xeon_gold_6248r_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6250_firmware cpe:2.3:o:intel:xeon_gold_6250_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6250l_firmware cpe:2.3:o:intel:xeon_gold_6250l_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6256_firmware cpe:2.3:o:intel:xeon_gold_6256_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_6258r_firmware cpe:2.3:o:intel:xeon_gold_6258r_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4210r_firmware cpe:2.3:o:intel:xeon_silver_4210r_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4210t_firmware cpe:2.3:o:intel:xeon_silver_4210t_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4214r_firmware cpe:2.3:o:intel:xeon_silver_4214r_firmware:-:*:*:*:*:*:*:*
intel xeon_silver_4215r_firmware cpe:2.3:o:intel:xeon_silver_4215r_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_9221_firmware cpe:2.3:o:intel:xeon_platinum_9221_firmware:-:*:*:*:*:*:*:*
intel xeon_platinum_9222_firmware cpe:2.3:o:intel:xeon_platinum_9222_firmware:-:*:*:*:*:*:*:*
intel xeon_bronze_3204_firmware cpe:2.3:o:intel:xeon_bronze_3204_firmware:-:*:*:*:*:*:*:*
intel xeon_gold_5215_firmware cpe:2.3:o:intel:xeon_gold_5215_firmware:-:*:*:*:*:*:*:*

References for CVE-2022-21131

cvelogic Threat Intelligence