Veracode Vulnerability DatabaseVERACODE:37864Authentication Bypass
0.001 Low
EPSS
Percentile
31.2%
kernel is vulnerable to authentication bypass. An attacker can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
References
www.openwall.com/lists/oss-security/2022/07/12/2
www.openwall.com/lists/oss-security/2022/07/12/4
www.openwall.com/lists/oss-security/2022/07/12/5
www.openwall.com/lists/oss-security/2022/07/13/1
access.redhat.com/errata/RHSA-2022:7110
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2103148
comsec.ethz.ch/retbleed
lists.debian.org/debian-lts-announce/2022/09/msg00011.html
lists.debian.org/debian-lts-announce/2022/12/msg00034.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/
lists.fedoraproject.org/archives/list/[email protected]/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/
lists.fedoraproject.org/archives/list/[email protected]/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/
security.netapp.com/advisory/ntap-20221007-0007/
www.debian.org/security/2022/dsa-5207
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
Related
