HistoryMay 11, 2024 - 12:00 a.m.

RHEL 6 : hw (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)

  • hw: amd: GPU memory leaks (CVE-2023-4969)

  • Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)

  • Non-transparent sharing of branch predictor selectors between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)

  • Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)

  • Improper isolation of shared resources in some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2022-21233)

  • Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. (CVE-2022-23816)

  • IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. (CVE-2022-23824)

  • Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)

  • Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

  • VMware ESXi contains Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693, CVE-2022-26373) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities due to the Intel and AMD processors it utilizes. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.6. (CVE-2022-28693)

  • Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)

  • This CVE was assigned by Intel. Please see CVE-2024-2201 on for more information. (CVE-2024-2201)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

