CVE-2022-29901
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/07/2022
Last modified:
04/02/2024
Description
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
1.90
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:intel:core_i7-6500u_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-6500u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:core_i7-6510u_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-6510u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:core_i7-6560u_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-6560u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:core_i7-6567u_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-6567u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:core_i7-6600u_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-6600u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:core_i7-6650u_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-6650u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:core_i7-6660u_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:core_i7-6660u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:core_i7-6700_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2022/07/12/2
- http://www.openwall.com/lists/oss-security/2022/07/12/4
- http://www.openwall.com/lists/oss-security/2022/07/12/5
- http://www.openwall.com/lists/oss-security/2022/07/13/1
- https://comsec.ethz.ch/retbleed
- https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/
- https://security.gentoo.org/glsa/202402-07
- https://security.netapp.com/advisory/ntap-20221007-0007/
- https://www.debian.org/security/2022/dsa-5207
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
- https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/