CVE-2022-40982
linux - security update
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.78%
Description
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
How to fix CVE-2022-40982
To remediate CVE-2022-40982, upgrade each affected package to the fixed version listed below or later.
- Alpine/intel-ucode—upgrade to 20230808-r0 or later
- —upgrade to 4.15.5-r0 or later
- —upgrade to 3.20230808.1~deb10u1 or later
- —upgrade to 3.20230808.1~deb11u1 or later
- —upgrade to 3.20230808.1~deb11u1 or later
- —upgrade to 4.19.289-2 or later
- —upgrade to 5.10.179-5 or later
- —upgrade to 5.10.179-5 or later
- —upgrade to 5.10.179-5~deb10u1 or later
Is CVE-2022-40982 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (9)
- from 0, < 20230808-r0
- from 0, < 4.15.5-r0
- from 0, < 3.20230808.1~deb10u1
- from 0, < 3.20230808.1~deb11u1
- from 0, < 3.20230808.1~deb11u1
- from 0, < 4.19.289-2
- from 0, < 5.10.179-5
- from 0, < 5.10.179-5
- from 0, < 5.10.179-5~deb10u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |