CVE-2022-23824: Processor Optimization Removal or Modification of Security-critical Code in AMD Processors

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 89.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 9
Latest update: Nov 10

Description

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 2 packages

Debian: xen/xen < 4.14.5+94-ge49571868d-1+3
CVEListV5: amd/amd_processors Processor various

Also affects: Fedora 35, 37

Patches

🔴Vulnerability Details

3
GHSA
GHSA-hhhj-6x4j-w995: IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure (2022-11-10)
OSV
CVE-2022-23824: IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure (2022-11-09)
CVEList
CVE-2022-23824: IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure (2022-11-09)

📋Vendor Advisories

3
Microsoft
AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions (2022-11-08)
Red Hat
hw: cpu: AMD: IBPB and Return Address Predictor Interactions (2022-07-12)
Debian
CVE-2022-23824: xen - IBPB may not prevent return branch predictions from being specified by pre-IBPB ... (2022)