Security Advisory CVE-2022-21151 Intel Processor Vulnerability in NetApp Products

Netapp, Inc. had published a security advisory.

This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding ‘Full Support’ products and versions.

Advisory ID: NTAP-20220826-0003
Version: 4.0
Last updated: 12/12/2022
Status: Final.
CVEs: CVE-2022-21151

Overview

Summary
Multiple NetApp products incorporate Intel chipsets and processors. Processor optimization removal or modification of security-critical code for some Intel processors may allow an authenticated user to potentially enable information disclosure via local access. Refer to the vendor advisory INTEL-SA-00617 for specific version details.

Impact
Successful exploitation of this vulnerability could lead to disclosure of sensitive information.

Vulnerability scoring details

CVE	Score	Vector
CVE-2022-21151	5.3 (MEDIUM)	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N Exploitation and public announcements NetApp is aware of public discussion of this vulnerability.

CVE

Score

Vector

CVE-2022-21151

5.3 (MEDIUM)

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Exploitation and public announcements
NetApp is aware of public discussion of this vulnerability.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html

Affected products

FAS/AFF BIOS – A900/9500

Remediation

Software versions and fixes
The company’s currently available patches are listed below.

Product	First fixed in release
FAS/AFF BIOS – A900/9500	https://mysupport.netapp.com/site/downloads/firmware/system-firmware-diagnostics Fixed by bug 1494327. First fixed versions include the following: 18.6

Product

First fixed in release

FAS/AFF BIOS – A900/9500

https://mysupport.netapp.com/site/downloads/firmware/system-firmware-diagnostics

Fixed by bug 1494327. First fixed versions include the following: 18.6

Workarounds
None at this time.

Obtaining software fixes
Software fixes will be made available through the NetApp Support website in the Software Download section.

Customers who do not have access to the support website should contact Technical Support at the number below to obtain the patches.

Contact information
Check http://mysupport.netapp.com for further updates.

For questions, contact NetApp at:
Technical support
mysupport.netapp.com
1 888 4 NETAPP (1 888 463 8277) (U.S. and Canada)
+00 800 44 638277 (EMEA/Europe)
+800 800 80 800 (Asia/Pacific)

Revision history

Status of this notice: Final
This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

This advisory is posted at this link.

Revision history

Revision #	Date	Comments
1.0	20220826	Initial public release
2.0	20221024	FAS/AFF BIOS – A900/9500 added to software versions and fixes
3.0	20221121	FAS/AFF BIOS – A900/9500 added to software versions and fixes, Clustered Data ONTAP moved to products not affected
4.0	20221212	E-Series BIOS moved to products not affected, final status