Redhat.comRH:CVE-2022-27672CVE-2022-27672
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.2%
A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure.
Mitigation
The current mitigations for spectre V4 (or spectre_v2) should mitigate this flaw, no additional steps will need to be taken.
In more details, according to the article
<https://kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html>
Two mitigations are needed:
- Stuff the RSB during context switch which is already being done in RHEL8/RHEL9 as long as the spectre_v2 mitigation is active.
- For KVM, the mitigation for the KVM_CAP_X86_DISABLE_EXITS capability can be turned on using the boolean module parameter mitigate_smt_rsb, e.g. vm.mitigate_smt_rsb=1.
The command to check if mitigation is active:
cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
References
bugzilla.redhat.com/show_bug.cgi?id=2174765
kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html
nvd.nist.gov/vuln/detail/CVE-2022-27672
www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045
www.cve.org/CVERecord?id=CVE-2022-27672
www.openwall.com/lists/oss-security/2023/02/14/4
xenbits.xen.org/xsa/advisory-426.html
Related
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.2%