CVE-2022-29901Sensitive Information Exposure in Intel Microprocessors

CWE-200Sensitive Information ExposureCWE-668Resource Exposure22 documents8 sources
Severity
6.5MEDIUMNVD
CNA5.6
EPSS
0.1%
top 77.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelIntel MicroprocessorsDebian Linux+2 more
Timeline
PublishedJul 12
Latest updateJul 12

Description

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

CVEListV5intel/intel_microprocessorsgenerations 6 to 8
Debianlinux/linux_kernel< 5.10.136-1+3
NVDvmware/esxi7.0

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36

🔴Vulnerability Details

3
GHSA
GHSA-55c8-6r36-9g85: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak2022-07-13
OSV
CVE-2022-29901: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak2022-07-12
CVEList
Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)2022-07-12

📋Vendor Advisories

18
Ubuntu
Linux kernel vulnerabilities2023-07-12
Ubuntu
Linux kernel (GCP) vulnerabilities2023-04-11
Ubuntu
Linux kernel vulnerabilities2023-03-27
Ubuntu
Linux kernel (Azure) vulnerabilities2023-03-06
Ubuntu
Linux kernel (HWE) vulnerabilities2023-02-22
CVE-2022-29901 — Sensitive Information Exposure | cvebase