CVE-2022-29900
Advisory lineage Upstream: 0 Downstream: 64
Modified
Published: 12 Jul 2022, 15:50
Last modified:20 Nov 2024, 16:13
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
v3.1 (nvd)
EPSS Score
1.41% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Jul 2022, 15:50
Published
Vulnerability first disclosed
20 Nov 2024, 16:13
Last Modified
Vulnerability information updated
Description
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
- v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 1.41%• Percentile: 81%
Techniques & Countermeasures
- CWE-212•Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Affected Systems
- amd•a10-9600p_firmware
na
- amd•a10-9630p_firmware
na
- amd•a12-9700p_firmware
na
- amd•a12-9730p_firmware
na
- amd•a4-9120_firmware
na
- amd•a6-9210_firmware
na
- amd•a6-9220_firmware
na
- amd•a6-9220c_firmware
na
- amd•a9-9410_firmware
na
- amd•a9-9420_firmware
na
- amd•amd processors
Processor Some AMD Processors
- amd•athlon_gold_3150u_firmware
na
- amd•athlon_silver_3050u_firmware
na
- amd•athlon_x4_750_firmware
na
- amd•athlon_x4_760k_firmware
na
- amd•athlon_x4_830_firmware
na
- amd•athlon_x4_835_firmware
na
- amd•athlon_x4_840_firmware
na
- amd•athlon_x4_845_firmware
na
- amd•athlon_x4_860k_firmware
na
- amd•athlon_x4_870k_firmware
na
- amd•athlon_x4_880k_firmware
na
- amd•athlon_x4_940_firmware
na
- amd•athlon_x4_950_firmware
na
- amd•athlon_x4_970_firmware
na
- amd•epyc_7001_firmware
na
- amd•epyc_7002_firmware
na
- amd•epyc_7251_firmware
na
- amd•epyc_7252_firmware
na
- amd•epyc_7261_firmware
na
- amd•epyc_7262_firmware
na
- amd•epyc_7272_firmware
na
- amd•epyc_7281_firmware
na
- amd•epyc_7282_firmware
na
- amd•epyc_7301_firmware
na
- amd•epyc_7302_firmware
na
- amd•epyc_7302p_firmware
na
- amd•epyc_7351_firmware
na
- amd•epyc_7351p_firmware
na
- amd•epyc_7352_firmware
na
- amd•epyc_7371_firmware
na
- amd•epyc_7401_firmware
na
- amd•epyc_7401p_firmware
na
- amd•epyc_7402_firmware
na
- amd•epyc_7402p_firmware
na
- amd•epyc_7451_firmware
na
- amd•epyc_7452_firmware
na
- amd•epyc_7501_firmware
na
- amd•epyc_7502_firmware
na
- amd•epyc_7502p_firmware
na
Showing first 50 affected entries in server-rendered view.
References (6)
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/
- https://www.debian.org/security/2022/dsa-5207
- https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html
- https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
- https://security.gentoo.org/glsa/202402-07