Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-29900

Опубликовано: 12 июл. 2022
Источник: redhat
CVSS3: 5.6
EPSS Низкий

Описание

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2022:733802.11.2022
Red Hat Enterprise Linux 7kernelFixedRHSA-2022:733702.11.2022
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2022:713425.10.2022
Red Hat Enterprise Linux 8kernelFixedRHSA-2022:711025.10.2022
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:826715.11.2022
Red Hat Enterprise Linux 9kernel-rtFixedRHSA-2022:793315.11.2022
Red Hat Enterprise Linux 9kernelFixedRHSA-2022:826715.11.2022
Red Hat Enterprise Linux 9.0 Extended Update SupportkernelFixedRHSA-2022:897313.12.2022
Red Hat Enterprise Linux 9.0 Extended Update Supportkernel-rtFixedRHSA-2022:897413.12.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2090226hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

EPSS

Процентиль: 80%
0.01415
Низкий

5.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-29900

CVSS3: 6.5
ubuntu
почти 3 года назад

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

nvd логотип

CVE-2022-29900

CVSS3: 6.5
nvd
почти 3 года назад

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

msrc логотип

CVE-2022-29900

msrc
почти 3 года назад

AMD: CVE-2022-29900 AMD CPU Branch Type Confusion

debian логотип

CVE-2022-29900

CVSS3: 6.5
debian
почти 3 года назад

Mis-trained branch predictions for return instructions may allow arbit ...

github логотип

GHSA-f3p5-98fc-2gxr

CVSS3: 6.5
github
почти 3 года назад

AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

EPSS

Процентиль: 80%
0.01415
Низкий

5.6 Medium

CVSS3