CVE-2022-23825
Advisory lineage Upstream: 0 Downstream: 24
Modified
Published: 14 Jul 2022, 19:27
Last modified:16 Sept 2024, 17:48
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.14% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Jul 2022, 19:27
Published
Vulnerability first disclosed
16 Sept 2024, 17:48
Last Modified
Vulnerability information updated
Description
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
- v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.14%• Percentile: 33%
Techniques & Countermeasures
- CWE-668•Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Affected Systems
- amd•a10-9600p_firmware
na
- amd•a10-9630p_firmware
na
- amd•a12-9700p_firmware
na
- amd•a12-9730p_firmware
na
- amd•a4-9120_firmware
na
- amd•a6-9210_firmware
na
- amd•a6-9220_firmware
na
- amd•a6-9220c_firmware
na
- amd•a9-9410_firmware
na
- amd•a9-9420_firmware
na
- amd•amd processors
Processor Some AMD Processors
- amd•athlon_gold_3150u_firmware
na
- amd•athlon_silver_3050u_firmware
na
- amd•athlon_x4_750_firmware
na
- amd•athlon_x4_760k_firmware
na
- amd•athlon_x4_830_firmware
na
- amd•athlon_x4_835_firmware
na
- amd•athlon_x4_840_firmware
na
- amd•athlon_x4_845_firmware
na
- amd•athlon_x4_860k_firmware
na
- amd•athlon_x4_870k_firmware
na
- amd•athlon_x4_880k_firmware
na
- amd•athlon_x4_940_firmware
na
- amd•athlon_x4_950_firmware
na
- amd•athlon_x4_970_firmware
na
- amd•epyc_7001_firmware
na
- amd•epyc_7002_firmware
na
- amd•epyc_7251_firmware
na
- amd•epyc_7252_firmware
na
- amd•epyc_7261_firmware
na
- amd•epyc_7262_firmware
na
- amd•epyc_7272_firmware
na
- amd•epyc_7281_firmware
na
- amd•epyc_7282_firmware
na
- amd•epyc_7301_firmware
na
- amd•epyc_7302_firmware
na
- amd•epyc_7302p_firmware
na
- amd•epyc_7351_firmware
na
- amd•epyc_7351p_firmware
na
- amd•epyc_7352_firmware
na
- amd•epyc_7371_firmware
na
- amd•epyc_7401_firmware
na
- amd•epyc_7401p_firmware
na
- amd•epyc_7402_firmware
na
- amd•epyc_7402p_firmware
na
- amd•epyc_7451_firmware
na
- amd•epyc_7452_firmware
na
- amd•epyc_7501_firmware
na
- amd•epyc_7502_firmware
na
- amd•epyc_7502p_firmware
na
Showing first 50 affected entries in server-rendered view.
References (9)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/
- https://www.debian.org/security/2022/dsa-5184
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/
- http://www.openwall.com/lists/oss-security/2022/11/08/1
- http://www.openwall.com/lists/oss-security/2022/11/10/2
- https://security.gentoo.org/glsa/202402-07