Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-29900

UNKNOWN
Published 2022-07-12T15:50:10.585306Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-29900. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

AMD

AMD Processors

Affected Versions:

Processor Some AMD Processors

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-f3p5-98fc-2gxr

Advisory Details

AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-29900
WEB https://comsec.ethz.ch/retbleed
WEB https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM
WEB https://security.gentoo.org/glsa/202402-07
WEB https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
WEB https://www.debian.org/security/2022/dsa-5184
WEB https://www.debian.org/security/2022/dsa-5207
WEB https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability
WEB http://www.openwall.com/lists/oss-security/2022/07/12/2
WEB http://www.openwall.com/lists/oss-security/2022/07/12/4
WEB http://www.openwall.com/lists/oss-security/2022/07/12/5
WEB http://www.openwall.com/lists/oss-security/2022/07/13/1
WEB http://xenbits.xen.org/xsa/advisory-407.html

Advisory provided by GitHub Security Advisory Database. Published: July 13, 2022, Modified: July 23, 2022

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/
https://www.debian.org/security/2022/dsa-5207
https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html
https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
https://security.gentoo.org/glsa/202402-07
Published: 2022-07-12T15:50:10.585306Z
Last Modified: 2024-11-20T16:13:31.449Z
Copied to clipboard!