In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.

Summary

ReDoS in Package Upload Files (CVE-2022-2049)

Advisory Number

2022-10

Discovery Date

02 Jun 2022

Patch Release Date

21 Jun 2022

Advisory Release Date

19 Aug 2022

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-2049

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.2.6872 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. When performed successfully, this results in Octopus Server becoming unresponsive due to excessive CPU usage.

The versions of Octopus Server affected by this vulnerability are:

*   All 0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x versions
*   All 2018.x, 2019.x, 2020.x, 2021.x versions
*   All 2022.1.x versions before 2022.1.2894
*   All 2022.2.x versions before 2022.2.6872
*   All 2022.3.x versions before 2022.3.4953

As of the 19/08/2022 Octopus Server version 2022.3.x is only available on Octopus Cloud.

**Fix**

To address this vulnerability, we have released Octopus Server version:

*   2022.1.2894
*   2022.2.6872
*   2022.3.4953

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2022.2.6872). You can download the latest version of Octopus Server from https://octopus.com/downloads

**If you can't upgrade to the latest version (2022.2.6872):**

If you have feature version...

...then upgrade to this version

0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x

2022.1.2894 or greater

2018.x, 2019.x, 2020.x, 2021.x

2022.1.2894 or greater

2022.1.x

2022.1.2894 or greater

2022.2.x

2022.2.6872 or greater

2022.3.x

2022.3.4953 or greater

**Mitigation**

There is no known mitigation for CVE-2022-2049, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found by Bartłomiej Górkiewicz

CVE-2022-2049: Security Advisory 2022-10

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2022.2 IPU - Intel® Chipset Firmware Advisory**

**Summary: **

A potential security vulnerability in the Intel® Server Platform Services (SPS) firmware may allow denial of service.  Intel is releasing firmware updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-26074

Description: Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS\_E3\_04.08.04.330.0 and SPS\_E3\_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.  

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

**Affected Products:**

Intel® SPS before version SPS\_E3\_04.08.04.330.0 and SPS\_E3\_04.01.04.530.0.

**Recommendations:**

Intel recommends that users of Intel® SPS update to the latest version provided by the system manufacturer that addresses these issues.

**Acknowledgements:**

The following issue was found internally by Intel employees.  Intel would like to thank Tomasz Bagniuk.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

08/09/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-26074: INTEL-SA-00669

Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.2.9 may allow a privileged user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Ethernet Controllers and Adapters Advisory**

**Summary: **

Potential security vulnerabilities in some Intel® Ethernet Controllers and Adapters may allow denial of service.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2021-33126

Description: Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVEID: CVE-2021-33128

Description: Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 

CVEID: CVE-2022-28709

Description: Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 4.1 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

**Affected Products:**

Intel® 700 Series Ethernet Controllers and Adapters before version 8.5.

*   Firmware version, as reported by the device, corresponding to the release numbers above are:  
    
*   Software Release Version 26.6: Device reports 8.5, NVM version 8.50.

Intel® 722 Series Ethernet Controllers and Adapters before version 1.5.5.

*   Firmware version, as reported by the device, corresponding to the release numbers above are:
    *   Software Release Version 26.6: Device reports 1.5.5, NVM version 5.50.

Intel® E810 Ethernet Controllers and Adapters before version 1.6.0.6.

*   Firmware versions, as reported by the device, corresponding to the release numbers above are:
    *   Software Release version 26.4: Device Reports 1.6.0.6., NVM version 3.0.

Intel® E810 Ethernet Controllers and Adapters before version1.6.1.9

*   Firmware versions, as reported by the device, corresponding to the release numbers above are:
    *   Software Release Version 26.8: Device reports 1.6.1.9, NVM version 3.10.

**Recommendations:**

Intel recommends updating the firmware for impacted Intel® Ethernet Controllers and Adapters to the versions provided below or later.

*   Intel® 700 Series Ethernet Controllers and Adapters before version 8.5.
*   Intel® 722 Series Ethernet Controllers and Adapters before version 1.5.5.
*   Intel® E810 Ethernet Controllers and Adapters before version 1.6.1.9

Updates are available for download at this location:

https://downloadcenter.intel.com/product/36773/Ethernet-Products

**Acknowledgements:**

The following issues were found internally by Intel employees.  Intel would like to thank Dmitry Shvarts and Dmitry Tsimbler. 

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

08/09/2022

Initial Release

1.1

08/18/2022

Updated versions for:

CVE-2021-33128, CVE-2022-28709.

Affected products section.

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-28709: INTEL-SA-00593

libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

Hi, there.

There is a segmentation fault in the newest master branch.

Here is the reproducing command:  
jpeg poc /dev/null

    (gdb) bt
    #0  0x00007ffff7f31270 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
    #1  0x0000000000711b6f in LineMerger::GetNextLowpassLine (this=0x85ed20, comp=2 '\002')
        at linemerger.cpp:262
    #2  0x00000000007127d2 in LineMerger::GetNextExpandedLowPassLine (this=0x85ed20,
        comp=<optimized out>) at linemerger.cpp:339
    #3  0x0000000000713251 in LineMerger::GetNextLine (this=0x85ed20, comp=2 '\002')
        at linemerger.cpp:360
    #4  0x000000000071c2dd in HierarchicalBitmapRequester::Pull8Lines (this=0x792720,
        c=<optimized out>) at hierarchicalbitmaprequester.cpp:447
    #5  0x0000000000720156 in HierarchicalBitmapRequester::ReconstructRegion (this=0x792720,
        orgregion=..., rr=0x7fffffffdae8) at hierarchicalbitmaprequester.cpp:739
    #6  0x000000000045c501 in Image::ReconstructRegion (this=0x7923b0, bmh=0x7fffffffd790,
        rr=0x7fffffffdae8) at image.cpp:1115
    #7  0x000000000043e266 in JPEG::InternalDisplayRectangle (this=0x7904c8, tags=0x7fffffffde90)
        at jpeg.cpp:721
    #8  0x000000000043e14b in JPEG::DisplayRectangle (this=0x7904c8, tags=0x7fffffffde90)
        at jpeg.cpp:699
    #9  0x000000000041e336 in Reconstruct (infile=<optimized out>,
        outfile=0x7fffffffe704 "/dev/null", colortrafo=1,
        alpha=0x790280 "\230$\255", <incomplete sequence \373>, upsample=true)
        at reconstruct.cpp:331
    #10 0x0000000000408b6a in main (argc=<optimized out>, argv=0x87a720) at main.cpp:747
    

poc.zip

CVE-2022-37770: Segmentation fault in LineMerger::GetNextLowpassLine · Issue #79 · thorfdbg/libjpeg

libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

Hi, there.

There is a segmentation fault in the newest master branch.

    Program received signal SIGSEGV, Segmentation fault.
    HuffmanDecoder::Get (this=0x0, io=0x7933c8)
        at /home/users/chluo/libjpeg/codestream/../coding/huffmandecoder.hpp:112
    warning: Source file is more recent than executable.
    (gdb) bt
    #0  HuffmanDecoder::Get (this=0x0, io=0x7933c8)
        at /home/users/chluo/libjpeg/codestream/../coding/huffmandecoder.hpp:112
    #1  0x0000000000491388 in LosslessScan::ParseMCU (this=0x793250, prev=0x7fffffffda90,
        top=0x7fffffffda70) at losslessscan.cpp:374
    #2  0x0000000000491b4a in LosslessScan::ParseMCU (this=0x793250)
        at losslessscan.cpp:440
    #3  0x000000000043aca1 in JPEG::ReadInternal (this=0x7904c8, tags=0x7fffffffdd40)
        at jpeg.cpp:345
    #4  0x000000000043988b in JPEG::Read (this=0x7904c8, tags=0x7fffffffdd40)
        at jpeg.cpp:210
    #5  0x000000000041cabb in Reconstruct (infile=<optimized out>,
        outfile=0x7fffffffe6fc "/dev/null", colortrafo=1, alpha=0x0, upsample=true)
        at reconstruct.cpp:121
    #6  0x0000000000408b6a in main (argc=<optimized out>, argv=0x0) at main.cpp:747

CVE-2022-37769: Segmentation fault in HuffmanDecoder::Get · Issue #78 · thorfdbg/libjpeg

An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.

@@ -2039,11 +2039,12 @@ bool PackLinuxElf32::canPack() if (sec\_strndx) { unsigned const sh\_name = get\_te32(&sec\_strndx->sh\_name); if (Elf32\_Shdr::SHT\_STRTAB != get\_te32(&sec\_strndx->sh\_type) || (u32\_t)file\_size <= sh\_name // FIXME: weak || (u32\_t)file\_size <= (sizeof(".shstrtab") \+ sh\_name + (shstrtab - (const char \*)&file\_image\[0\])) || (sh\_name && 0!=strcmp((char const \*)".shstrtab", &shstrtab\[sh\_name\])) ) { throwCantPack("bad e\_shstrndx"); throwCantPack("bad e\_shstrtab"); } } } @@ -2388,11 +2389,12 @@ PackLinuxElf64::canPack() if (sec\_strndx) { unsigned const sh\_name = get\_te32(&sec\_strndx->sh\_name); if (Elf64\_Shdr::SHT\_STRTAB != get\_te32(&sec\_strndx->sh\_type) || (u32\_t)file\_size <= sh\_name // FIXME: weak || (u32\_t)file\_size <= (sizeof(".shstrtab") \+ sh\_name + (shstrtab - (const char \*)&file\_image\[0\])) || (sh\_name && 0!=strcmp((char const \*)".shstrtab", &shstrtab\[sh\_name\])) ) { throwCantPack("bad e\_shstrndx"); throwCantPack("bad e\_shstrtab"); } } }

CVE-2020-27788: Detect bad e_shstrtab better. · upx/upx@1bb93d4

Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® PROSet/Wireless WiFi and Killer™ WiFi Advisory**

Intel ID:

INTEL-SA-00621

Advisory Category:

Firmware

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

HIGH

Original release:

08/09/2022

Last revised:

08/09/2022

**Summary: **

Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID:  CVE-2022-21181

Description: Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID:  CVE-2021-37409

Description: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID:  CVE-2021-23223

Description: Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID:  CVE-2021-23168

Description: Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID:  CVE-2021-44545

Description: Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID:  CVE-2021-26254

Description: Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID:  CVE-2022-21172

Description: Out of bounds write for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID:  CVE-2022-21240

Description: Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

CVEID:  CVE-2022-21139

Description: Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 5.4 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVEID:  CVE-2022-21197

Description: Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID:  CVE-2022-21160

Description: Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID:  CVE-2021-23188

Description: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVEID:  CVE-2022-21212

Description: Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID:  CVE-2022-21140

Description: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 4.2 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

**Affected Products:**

Intel® PROSet/Wireless WiFi software before version 22.120, Killer™ WiFi software before version 3.1122.1105 and UEFI version 2.2.12.22071.

CVE ID

Affected Products

Affected OS

CVE-2022-21181

Intel® Dual Band Wireless-AC 8265

Intel® Dual Band Wireless-AC 8260

Intel® Wireless-AC 9560

Intel® Wireless-AC 9462

Intel® Wireless-AC 9461

Intel® Wireless-AC 9260

Windows 10 & 11

Linux

Chrome OS

CVE-2022-21181

Killer™ Wireless-AC 1550

Windows 10 & 11

CVE-2021-23223

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Windows 10 & 11

Linux

Chrome OS

UEFI

CVE-2021-23223

Killer™ Wi-Fi 6E AX1690

Killer™ Wi-Fi 6E AX1675

Windows 10 & 11

CVE-2021-37409

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Intel® Wireless-AC 9560

Intel® Wireless-AC 9462

Intel® Wireless-AC 9461

Intel® Wireless-AC 9260

Windows 10 & 11

Linux

Chrome OS

UEFI

CVE-2021-37409

Killer™ Wi-Fi 6E AX1690

Killer™ Wi-Fi 6E AX1675

Killer™ Wi-Fi 6 AX1650

Killer™ Wireless-AC 1550

Windows 10 & 11

CVE-2022-21140, CVE-2021-23188

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Intel® Wireless-AC 9560

Intel® Wireless-AC 9462

Intel® Wireless-AC 9461

Intel® Wireless-AC 9260

Intel® Dual Band Wireless-AC 3168

Intel® Wireless 7265 (Rev D) Family

Intel® Dual Band Wireless-AC 3165

Intel® Dual Band Wireless-AC 8265

Intel® Dual Band Wireless-AC 8260

Windows 10 & 11

CVE-2022-21140, CVE-2021-23188

Killer™ Wi-Fi 6E AX1690

Killer™ Wi-Fi 6E AX1675

Killer™ Wi-Fi 6 AX1650

Killer™ Wireless-AC 1550

Windows 10 & 11

CVE-2021-26254

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Windows 10 & 11

CVE-2021-26254

Killer™ Wi-Fi 6E AX1690

Killer™ Wi-Fi 6E AX1675

Killer™ Wi-Fi 6 AX1650

Windows 10 & 11

CVE-2021-23168

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Intel® Wireless-AC 9560

Intel® Wireless-AC 9462

Intel® Wireless-AC 9461

Intel® Wireless-AC 9260

Intel® Dual Band Wireless-AC 3168

Intel® Wireless 7265 (Rev D) Family

Intel® Dual Band Wireless-AC 3165

Intel® Dual Band Wireless-AC 8265

Intel® Dual Band Wireless-AC 8260

Windows 10 & 11

Linux

Chrome OS

CVE-2021-23168

Killer™ Wi-Fi 6E AX1690

Killer™ Wi-Fi 6E AX1675

Killer™ Wi-Fi 6 AX1650

Killer™ Wireless-AC 1550

Windows 10 & 11

CVE-2021-44545

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Windows 10 & 11

Linux

UEFI

CVE-2021-44545

Killer™ Wi-Fi 6E AX1690

Killer™ Wi-Fi 6E AX1675

Killer™ Wi-Fi 6 AX1650

Windows 10 & 11

CVE-2022-21212, CVE-2022-21197, CVE-2022-21160, CVE-2022-21139

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6 AX200

Intel® Wireless-AC 9560

Intel® Wireless-AC 9462

Intel® Wireless-AC 9461

Intel® Wireless-AC 9260

UEFI

CVE-2022-21172, CVE-2022-21240

Intel® Wi-Fi 6E AX411

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX210

UEFI

**Recommendations:**

**Windows:**

Intel recommends updating Intel® PROSet/Wireless WiFi software to version 22.120 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html

Intel recommends updating Killer™ WiFi software to version 3.1122.1105 or later.

Updates for Killer™ products are available for download at this location:

https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html

Important note regarding the mitigation of CVE-2022-21181:

For the below Intel vPro® platforms that have Intel® Active Management Technology (AMT) provisioned and Wireless AMT enabled, the CSME version needs to be updated as well.

**Platform**

**CSME Version**

**Device**

11th Generation Intel® Core Processor

15.0.41

Intel® Wireless-AC 9260

9th Generation Intel® Core Processor

12.0.90

Intel® Wireless-AC 9260  
Intel® Wireless-AC 9560

8th Generation Intel® Core Processor

12.0.90

Intel® Wireless-AC 9260  
Intel® Wireless-AC 9560

7th Generation Intel® Core Processor  
6th Generation Intel® Core Processor

11.8.92 (11.12,11.22 for workstations)

Intel® Dual Band Wireless-AC 8265  
Intel® Dual Band Wireless-AC 8260

Intel recommends that users of Intel® vPRO® CSME WiFi products update to the latest version provided by the system manufacturer that addresses these issues.

**UEFI:**

Intel recommends updating Intel® PROSet/Wireless WiFi UEFI drivers to version 2.2.12.22071 or later.

Please contact your OEM support group to obtain the correct driver version.

**Chrome OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate these vulnerabilities will be up streamed to Chromium by August 09, 2022.

For any Google Chrome OS solution and schedule, please contact Google directly.

**Linux OS:**

Intel® PROSet/Wireless WiFi drivers to mitigate these vulnerabilities will be up streamed by August 09, 2022.

Consult the regular opensource channels to obtain this update.

**Acknowledgements:**

Intel would like to thank Nicholas Iooss and Gabriel Campana of Ledger Donjon for reporting CVE-2022-21181. The remaining issues were found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

08/09/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-23168: INTEL-SA-00621

Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Wireless Bluetooth® and Killer™ Bluetooth® Advisory**

Intel ID:

INTEL-SA-00628

Advisory Category:

Firmware

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

HIGH

Original release:

08/09/2022

Last revised:

08/09/2022

**Summary: **

Potential security vulnerabilities in some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID:  CVE-2021-33847

Description: Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.9 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

CVEID:  CVE-2021-26257

Description: Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

CVEID:  CVE-2021-26950

Description: Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

CVEID:  CVE-2021-23179

Description: Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 2.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

**Affected Products:**

Intel® Wireless Bluetooth® products:

*   Intel® Wi-Fi 6 AX411
*   Intel® Wi-Fi 6 AX211
*   Intel® Wi-Fi 6 AX210
*   Intel® Wi-Fi 6 AX201
*   Intel® Wi-Fi 6 AX200
*   Intel® Wireless-AC 9560
*   Intel® Wireless-AC 9462
*   Intel® Wireless-AC 9461
*   Intel® Wireless-AC 9260
*   Intel® Dual Band Wireless-AC 8265
*   Intel® Dual Band Wireless-AC 8260
*   Intel® Dual Band Wireless-AC 3168
*   Intel® Wireless 7265 (Rev D) Family
*   Intel® Dual Band Wireless-AC 3165

Killer™ Bluetooth® products:

*   Killer™ Wi-Fi 6E AX1690
*   Killer™ Wi-Fi 6E AX1675         
*   Killer™ Wi-Fi 6 AX1650
*   Killer™ Wireless-AC 1550

**Recommendations:**

**Windows OS:**

Intel recommends updating the affected Intel® Wireless Bluetooth® and Killer™ Bluetooth® products to version 22.120 or later.

Windows 10 and Windows 11 updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/18649/intel-wireless-bluetooth-for-windows-10-and-windows-11.html

**Acknowledgements:**

The following issues were found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

08/09/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-23179: INTEL-SA-00628

Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Ethernet VMware Drivers Advisory**

**Summary: **

A potential security vulnerability in some Intel® Ethernet VMWare drivers may allow denial of service.  Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-21793

Description: Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

**Affected Products:**

Intel® Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0.

Intel® Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0.

**Recommendations:**

Intel recommends updating Intel® Ethernet 500 Series Controller drivers for VMware to version 1.11.4.0 or later.

*   Updates are available for download from VMware at this location: ixgben-1.11.4.0

Intel recommends updating Intel® Ethernet 700 Series Controller drivers for VMWare to version 2.1.5.0 or later.

*   Updates are available for download from VMware at this location: i40en-2.1.5.0

**Acknowledgements:**

These issues were found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

08/09/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21793: INTEL-SA-00650

Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Data Center Manager Advisory**

Intel ID:

INTEL-SA-00662

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service

Severity rating:

CRITICAL

Original release:

08/09/2022

Last revised:

08/09/2022

**Summary:**

Potential security vulnerabilities in the Intel® Data Center Manager software may allow escalation of privilege or denial of service.  Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-21225

Description: Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 9.0 Critical

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-23182

Description: Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CVEID: CVE-2022-24378

Description: Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2022-23403

Description: Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

**Affected Products:**

Intel® Data Center Manager software before version 4.1.

**Recommendation:**

Intel recommends updating Intel® Data Center Manager to version 4.1 or later.

Updates are available for download at this location: https://www.intel.com/content/www/us/en/download/645992

**Acknowledgements:**

Intel would like to thank Julien Ahrens from RCE Security (CVE-2022-21225), @j00sean (CVE-2022-23182, CVE-2022-24378, CVE-2022-23403) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

08/09/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#dos