CVE-2022-21812 : Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentiall

Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published 2022-08-18 20:15:10

Updated 2022-08-19 20:12:08

Source Intel Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-21812

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 11 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-21812

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-21812

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-21812

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00655.html

Access Denied
Vendor Advisory

Products affected by CVE-2022-21812

Intel » Hardware Accelerated Execution Manager
Versions before (<) 7.7.1
cpe:2.3:a:intel:hardware_accelerated_execution_manager:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-21812

Exploit prediction scoring system (EPSS) score for CVE-2022-21812

CVSS scores for CVE-2022-21812

CWE ids for CVE-2022-21812

References for CVE-2022-21812

Products affected by CVE-2022-21812