CVE-2022-29900
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/07/2022
Last modified:
04/02/2024
Description
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:athlon_x4_750_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:athlon_x4_750:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:athlon_x4_760k_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:athlon_x4_760k:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:athlon_x4_830_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:athlon_x4_830:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:athlon_x4_835_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:athlon_x4_835:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:athlon_x4_840_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:athlon_x4_840:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:athlon_x4_845_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/
- https://security.gentoo.org/glsa/202402-07
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
- https://www.debian.org/security/2022/dsa-5207
- https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/