Details of VAR-202111-1206

ID

VAR-202111-1206

CVE

CVE-2021-0182

TITLE

Intel(R) HAXM Resource Exhaustion Vulnerability in Software

Trust: 0.8

sources: JVNDB: JVNDB-2021-015267

DESCRIPTION

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access. Intel(R) HAXM The software has a resource exhaustion vulnerability.Information may be obtained. Intel SGX SDK is a software development kit based on SGX (Intel Software Security Extensions) technology developed by Intel Corporation. Intel has security vulnerabilities, which originate from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

Trust: 1.8

sources: NVD: CVE-2021-0182 // JVNDB: JVNDB-2021-015267 // VULHUB: VHN-371751 // VULMON: CVE-2021-0182

AFFECTED PRODUCTS

vendor:	intel	model:	hardware accelerated execution manager	scope:	lt	version:	7.6.6	Trust: 1.0
vendor:	インテル	model:	intel hardware accelerated execution manager	scope:	eq	version:	7.6.6	Trust: 0.8
vendor:	インテル	model:	intel hardware accelerated execution manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015267 // NVD: CVE-2021-0182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0182
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-0182
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202110-935
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-371751
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-0182
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-0182
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-371751
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0182
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-0182
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-371751 // VULMON: CVE-2021-0182 // JVNDB: JVNDB-2021-015267 // CNNVD: CNNVD-202110-935 // NVD: CVE-2021-0182

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-371751 // JVNDB: JVNDB-2021-015267 // NVD: CVE-2021-0182

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-935

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202110-935

PATCH

title:	INTEL-SA-00544	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00544.html	Trust: 0.8
title:	Intel HAXM Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165765	Trust: 0.6

sources: JVNDB: JVNDB-2021-015267 // CNNVD: CNNVD-202110-935

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0182	Trust: 3.4
db:	JVN	id:	JVNVU92532697	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-015267	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-935	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.3370	Trust: 0.6
db:	CS-HELP	id:	SB2021101314	Trust: 0.6
db:	VULHUB	id:	VHN-371751	Trust: 0.1
db:	VULMON	id:	CVE-2021-0182	Trust: 0.1

sources: VULHUB: VHN-371751 // VULMON: CVE-2021-0182 // JVNDB: JVNDB-2021-015267 // CNNVD: CNNVD-202110-935 // NVD: CVE-2021-0182

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00544.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0182	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu92532697/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3370	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101314	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-371751 // VULMON: CVE-2021-0182 // JVNDB: JVNDB-2021-015267 // CNNVD: CNNVD-202110-935 // NVD: CVE-2021-0182

SOURCES

db:	VULHUB	id:	VHN-371751
db:	VULMON	id:	CVE-2021-0182
db:	JVNDB	id:	JVNDB-2021-015267
db:	CNNVD	id:	CNNVD-202110-935
db:	NVD	id:	CVE-2021-0182

LAST UPDATE DATE

2024-08-14T14:31:30.838000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371751	date:	2021-11-22T00:00:00
db:	VULMON	id:	CVE-2021-0182	date:	2021-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-015267	date:	2022-11-15T01:59:00
db:	CNNVD	id:	CNNVD-202110-935	date:	2021-11-24T00:00:00
db:	NVD	id:	CVE-2021-0182	date:	2021-11-22T19:47:33.680

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371751	date:	2021-11-17T00:00:00
db:	VULMON	id:	CVE-2021-0182	date:	2021-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-015267	date:	2022-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202110-935	date:	2021-10-13T00:00:00
db:	NVD	id:	CVE-2021-0182	date:	2021-11-17T20:15:09.507