CVE-2022-23825

CWE-668 — Exposure to Wrong Sphere CWE-200 — Information Exposure8 documents8 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 66.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD AMD Processors Debian Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedJul 14

Latest updateJul 15

Description

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

▶CVEListV5amd/amd_processorsProcessor Some AMD Processors

▶Debianxen< 4.14.5+24-g87d90d511c-1+3

▶NVDvmware/esxi7.0

Also affects: Debian Linux 11.0, Fedora 35, 36

🔴Vulnerability Details

GHSA

GHSA-w7j2-r4x6-6frw: Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure↗2022-07-15

▶

OSV

CVE-2022-23825: Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure↗2022-07-14

▶

CVEList

CVE-2022-23825: Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure↗2022-07-14

▶

📋Vendor Advisories

VMware

VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities↗2022-07-12

▶

Red Hat

hw: cpu: AMD: Branch Type Confusion (non-retbleed)↗2022-07-12

▶

Microsoft

AMD: CVE-2022-23825 AMD CPU Branch Type Confusion↗2022-07-12

▶

Debian

CVE-2022-23825: xen - Aliases in the branch predictor may cause some AMD processors to predict the wro...↗2022

▶