{
  "threat_severity" : "Important",
  "public_date" : "2023-08-08T00:00:00Z",
  "bugzilla" : {
    "description" : "hw: Intel: Unauthorized error injection in Intel SGX or Intel TDX",
    "id" : "2230685",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2230685"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1334",
  "details" : [ "Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.", "A flaw was found in hw. Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2023-10-10T00:00:00Z",
    "advisory" : "RHBA-2023:5620",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "microcode_ctl-2:2.1-73.19.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-09-06T00:00:00Z",
    "advisory" : "RHEA-2023:4995",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "microcode_ctl-4:20220809-2.20230808.2.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-09-06T00:00:00Z",
    "advisory" : "RHEA-2023:4998",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "microcode_ctl-4:20220809-2.20230808.2.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-41804\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41804\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html" ],
  "name" : "CVE-2022-41804",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}