Vulnerability CVE-2021-0145 - CERT Civis.Net

Vulnerability Name:

CVE-2021-0145 (CCN-219023)

Assigned:

2020-10-22

Published:

2022-02-08

Updated:

2022-02-15

Summary:

Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-0145

Source: XF
Type: UNKNOWN
intel-cve20210145-info-disc(219023)

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220210-0009/

Source: CCN
Type: IBM Security Bulletin 6612827 (Cloud Pak System Software)
Multiple Vulnerabilities in Intel Processors affect IBM Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6845359 (Security QRadar SIEM)
IBM QRadar SIEM Appliances could be vulnerable to multiple Intel CVEs

Source: CCN
Type: INTEL-SA-00561
2021.2 IPU - Intel Processor Advisory

Source: MISC
Type: Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00561.html

Vulnerable Configuration:

Configuration 1:

cpe:/o:netapp:fas/aff_bios:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/h:intel:celeron_6305:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_6305e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:celeron_6600he:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-1000g1:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-1000g4:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-1005g1:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-11100he:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-1110g4:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-1115g4:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-1115g4e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-1115gre:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-1120g4:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i3-1125g4:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1030g4:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1030g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1035g1:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1035g4:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1035g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11260h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11300h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1130g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11320h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1135g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11400:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11400f:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11400h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11400t:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1140g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1145g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1145g7e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1145gre:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11500:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11500h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11500t:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-1155g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11600:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11600k:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11600kf:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i5-11600t:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-1060g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-1065g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11370h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11375h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11390h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-1160g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-1165g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11700:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11700f:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11700k:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11700kf:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11700t:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11800h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-1180g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11850h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-11850he:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-1185g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-1185g7e:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-1185gre:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i7-1195g7:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i9-11900:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i9-11900f:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i9-11900h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i9-11900k:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i9-11900kf:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i9-11900t:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i9-11950h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:core_i9-11980hk:-:*:*:*:*:*:*:*

OR cpe:/h:intel:pentium_gold_7505:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2314:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2324g:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2334:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2336:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2356g:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2374g:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2378:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2378g:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2386g:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e-2388g:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold_5300:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold_6300:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8321hc:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8351n:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8352m:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8352s:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8352v:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8352y:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8353h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8354h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8356h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8358:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8358p:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8360:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8360h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8360hl:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8360y:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8362:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8368:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8368q:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8376h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8376hl:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8380:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8380h:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum_8380hl:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_silver_4300:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-11155mle:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-11155mre:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-11555mle:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-11555mre:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-11855m:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-11865mle:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-11865mre:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-11955m:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-1300:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-1350:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-1350p:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-1370:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-1370p:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-1390:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-1390p:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_w-1390t:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7821	P	ucode-intel-20230214-150200.21.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3214	P	libmysqlclient18-10.0.40.1-2.9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94844	P	ucode-intel-20220207-10.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:375	P	ucode-intel-20220207-10.1 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:126969	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:118819	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:101643	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:119497	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:42344	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:127367	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:119009	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:951	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:119682	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:119119	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:125806	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:6172	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:119314	P	Security update for ucode-intel (Important)	2022-02-25
oval:org.opensuse.security:def:42200	P	Security update for ucode-intel (Important)	2022-02-25