ALT-PU-2022-2363-1
Package kernel-image-centos updated to version 5.14.0.143-alt1.el9 for branch sisyphus in task 304971.
Closed vulnerabilities
BDU:2022-04387
Уязвимость микропрограммного обеспечения процессоров Intel и AMD, позволяющая нарушителю раскрыть защищаемую информацию из памяти ядра или осуществить атаку на хост-систему из виртуальных машин
BDU:2022-04388
Уязвимость микропрограммного обеспечения процессоров Intel и AMD, позволяющая нарушителю раскрыть защищаемую информацию из памяти ядра или осуществить атаку на хост-систему из виртуальных машин
BDU:2023-01494
Уязвимость микропрограммного обеспечения процессоров AMD, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2023-11-07
CVE-2022-23816
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
Modified: 2024-11-21
CVE-2022-23825
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
- [oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues
- [oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues
- [oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues
- [oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues
- FEDORA-2022-8aab5b5cde
- FEDORA-2022-8aab5b5cde
- FEDORA-2022-3e6ce58029
- FEDORA-2022-3e6ce58029
- FEDORA-2022-c69ef9c1dd
- FEDORA-2022-c69ef9c1dd
- FEDORA-2022-a0d7a5eaf2
- FEDORA-2022-a0d7a5eaf2
- GLSA-202402-07
- GLSA-202402-07
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
- DSA-5184
- DSA-5184
Modified: 2024-11-21
CVE-2022-29900
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
- [debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package
- [debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package
- FEDORA-2022-a0d7a5eaf2
- FEDORA-2022-a0d7a5eaf2
- GLSA-202402-07
- GLSA-202402-07
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
- DSA-5207
- DSA-5207
- https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
- https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
Modified: 2024-11-21
CVE-2022-29901
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
- [oss-security] 20220712 Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
- [oss-security] 20220712 Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
- [oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
- [oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
- [oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
- [oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
- [oss-security] 20220713 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
- [oss-security] 20220713 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
- https://comsec.ethz.ch/retbleed
- https://comsec.ethz.ch/retbleed
- [debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package
- [debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package
- [debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update
- [debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update
- FEDORA-2022-8aab5b5cde
- FEDORA-2022-8aab5b5cde
- FEDORA-2022-c69ef9c1dd
- FEDORA-2022-c69ef9c1dd
- GLSA-202402-07
- GLSA-202402-07
- https://security.netapp.com/advisory/ntap-20221007-0007/
- https://security.netapp.com/advisory/ntap-20221007-0007/
- DSA-5207
- DSA-5207
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
- https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
- https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/