ALT-PU-2022-2363-1 — kernel-image-centos

BDU:2022-04387

MEDIUM6.5

Уязвимость микропрограммного обеспечения процессоров Intel и AMD, позволяющая нарушителю раскрыть защищаемую информацию из памяти ядра или осуществить атаку на хост-систему из виртуальных машин

Published: 2022-07-15Modified: 2024-09-30

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N

References

CVE-2022-29900

BDU:2022-04388

MEDIUM5.6

Уязвимость микропрограммного обеспечения процессоров Intel и AMD, позволяющая нарушителю раскрыть защищаемую информацию из памяти ядра или осуществить атаку на хост-систему из виртуальных машин

Published: 2022-07-15Modified: 2025-02-11

CVSS 3.xMEDIUM 5.6

CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS 2.0LOW 3.8

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:N/A:N

References

CVE-2022-29901

BDU:2023-01494

MEDIUM6.5

Уязвимость микропрограммного обеспечения процессоров AMD, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2023-03-23Modified: 2025-04-29

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N

References

CVE-2022-23825

CVE-2022-23816

NONE

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

Published: 2023-01-17Modified: 2023-11-07

CVE-2022-23825

MEDIUM6.5

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

Published: 2022-07-14Modified: 2024-11-21

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

CVE-2022-29900

MEDIUM6.5

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Published: 2022-07-12Modified: 2024-11-21

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

CVE-2022-29901

MEDIUM6.5

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Published: 2022-07-12Modified: 2024-11-21

CVSS 2.0LOW 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

Package update kernel-image-centos in branch sisyphus

Closed issues (7)

Уязвимость микропрограммного обеспечения процессоров AMD, позволяющая нарушителю раскрыть защищаемую информацию

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.