CVE-2022-29901

Description

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.6CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
• v2.0•LOW•Score: 1.9AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.07%• Percentile: 22%

Techniques & Countermeasures

• CWE-668•Exposure of Resource to Wrong Sphere

  The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

• debian•debian_linux

  10.0 | 11.0

• fedoraproject•fedora

  35 | 36

• intel•core_i3-6100_firmware

  na

• intel•core_i3-6100e_firmware

  na

• intel•core_i3-6100h_firmware

  na

• intel•core_i3-6100t_firmware

  na

• intel•core_i3-6100te_firmware

  na

• intel•core_i3-6100u_firmware

  na

• intel•core_i3-6102e_firmware

  na

• intel•core_i3-6110u_firmware

  na

• intel•core_i3-6120_firmware

  na

• intel•core_i3-6120t_firmware

  na

• intel•core_i3-6167u_firmware

  na

• intel•core_i3-6300_firmware

  na

• intel•core_i3-6300t_firmware

  na

• intel•core_i3-6320_firmware

  na

• intel•core_i3-6320t_firmware

  na

• intel•core_i3-8000_firmware

  na

• intel•core_i3-8000t_firmware

  na

• intel•core_i3-8020_firmware

  na

• intel•core_i3-8100_firmware

  na

• intel•core_i3-8100h_firmware

  na

• intel•core_i3-8100t_firmware

  na

• intel•core_i3-8109u_firmware

  na

• intel•core_i3-8120_firmware

  na

• intel•core_i3-8130u_firmware

  na

• intel•core_i3-8145u_firmware

  na

• intel•core_i3-8300_firmware

  na

• intel•core_i3-8300t_firmware

  na

• intel•core_i3-8350k_firmware

  na

• intel•core_i5-6200u_firmware

  na

• intel•core_i5-6210u_firmware

  na

• intel•core_i5-6260u_firmware

  na

• intel•core_i5-6267u_firmware

  na

• intel•core_i5-6287u_firmware

  na

• intel•core_i5-6300hq_firmware

  na

• intel•core_i5-6300u_firmware

  na

• intel•core_i5-6310u_firmware

  na

• intel•core_i5-6350hq_firmware

  na

• intel•core_i5-6360u_firmware

  na

• intel•core_i5-6400_firmware

  na

• intel•core_i5-6400t_firmware

  na

• intel•core_i5-6440eq_firmware

  na

• intel•core_i5-6440hq_firmware

  na

• intel•core_i5-6442eq_firmware

  na

• intel•core_i5-6500_firmware

  na

• intel•core_i5-6500t_firmware

  na

• intel•core_i5-6500te_firmware

  na

• intel•core_i5-6600_firmware

  na

• intel•core_i5-6600k_firmware

  na

Showing first 50 affected entries in server-rendered view.

References (14)

• https://comsec.ethz.ch/retbleed
• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
• http://www.openwall.com/lists/oss-security/2022/07/12/2
• http://www.openwall.com/lists/oss-security/2022/07/12/4
• http://www.openwall.com/lists/oss-security/2022/07/12/5
• http://www.openwall.com/lists/oss-security/2022/07/13/1
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/
• https://www.debian.org/security/2022/dsa-5207
• https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html
• https://security.netapp.com/advisory/ntap-20221007-0007/
• https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
• https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
• https://security.gentoo.org/glsa/202402-07