3. Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693, CVE-2022-26373) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities

VMware ESXi contains Return-Stack-Buffer-Underflow (CVE-2022-29901, CVE-2022-28693, CVE-2022-26373) and Branch Type Confusion (CVE-2022-23816, CVE-2022-23825) vulnerabilities due to the Intel and AMD processors it utilizes. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.6.

CPENameOperatorVersion
esxiltESXi70U3sf-20036586
esxiltESXi670-202207401-SG
esxiltESXi650-202207401-SG
cloud foundation (esxi)eq4.x
cloud foundation (esxi)eq3.x

Name	Operator	Version
esxi	lt	ESXi70U3sf-20036586
esxi	lt	ESXi670-202207401-SG
esxi	lt	ESXi650-202207401-SG
cloud foundation (esxi)	eq	4.x
cloud foundation (esxi)	eq	3.x

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23816

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28693

docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202207001.html

docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202207001.html

docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3f-release-notes.html

kb.vmware.com/s/article/88695

kb.vmware.com/s/article/88927

via.vmw.com/vmsa-2022-0020-qna

www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

vmware 2

nessus 53

ibm 3

redhat 12

oraclelinux 8

openvas 26

hp 1

fedora 4

xen 2

rocky 2

osv 15

almalinux 4

amazon 3

amd 1

cve 5

f5 4

ubuntucve 5

redhatcve 6

intel 3

cvelist 4

nvd 4

mscve 3

veracode 4

debiancve 4

prion 3

mageia 2

citrix 1

ubuntu 6

photon 1

debian 3

suse 4

thn 1

vmware

VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities

2022-07-12 00:00:00

VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities

2022-07-12 00:00:00

nessus

VMware ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0020)

2024-03-22 00:00:00

Amazon Linux 2022 : (ALAS2022-2022-127)

2022-09-06 00:00:00

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-006)

2022-08-23 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in VMware ESXi affect IBM Cloud Pak System

2023-03-31 16:13:36

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2023-03-29 18:49:02

Security Bulletin: Multiple vulnerabilities identified in VMWare ESXi shipped with IBM Cloud Pak System

2023-03-31 14:38:04

redhat

(RHSA-2022:7338) Important: kernel-rt security and bug fix update

2022-11-02 16:04:02

(RHSA-2022:7337) Important: kernel security and bug fix update

2022-11-02 16:03:50

(RHSA-2022:7134) Important: kernel-rt security and bug fix update

2022-10-25 07:38:43

oraclelinux

kernel security and bug fix update

2022-11-03 00:00:00

Unbreakable Enterprise kernel security update

2024-06-12 00:00:00

Unbreakable Enterprise kernel-container security update

2022-07-12 00:00:00

openvas

Fedora: Security Advisory for kernel (FEDORA-2022-c69ef9c1dd)

2022-07-15 00:00:00

Fedora: Security Advisory for kernel (FEDORA-2022-8aab5b5cde)

2022-07-16 00:00:00

Fedora: Security Advisory for xen (FEDORA-2022-3e6ce58029)

2022-07-19 00:00:00

HP Wolf Security Software July 2022 Update

2022-07-12 00:00:00

fedora

[SECURITY] Fedora 36 Update: kernel-5.18.11-200.fc36

2022-07-14 01:49:14

[SECURITY] Fedora 35 Update: kernel-5.18.11-100.fc35

2022-07-15 01:37:00

[SECURITY] Fedora 36 Update: xen-4.16.1-6.fc36

2022-07-18 01:09:01

xen

Retbleed - arbitrary speculative code execution with return instructions

2022-07-12 16:35:00

x86: Multiple speculative security issues

2022-11-08 17:34:00

rocky

kernel-rt security and bug fix update

2022-10-25 07:38:43

kernel security, bug fix, and enhancement update

2022-10-25 07:23:52

osv

Important: kernel-rt security and bug fix update

2022-10-25 00:00:00

Important: kernel-rt security and bug fix update

2022-10-25 07:38:43

Important: kernel security, bug fix, and enhancement update

2022-10-25 00:00:00

almalinux

Important: kernel security, bug fix, and enhancement update

2022-10-25 00:00:00

Important: kernel-rt security and bug fix update

2022-10-25 00:00:00

Moderate: kernel-rt security and bug fix update

2022-11-15 00:00:00

amazon

Important: kernel

2022-09-01 21:09:00

Important: kernel

2022-09-01 21:09:00

Important: kernel

2022-12-01 20:31:00

amd

AMD CPU Branch Type Confusion

2022-07-12 00:00:00

cve

CVE-2022-28693

2022-07-13 17:49:50

CVE-2022-23825

2022-07-14 20:15:08

CVE-2022-23816

2023-01-17 06:15:10

K69334442 : Intel Processors RRSBA advisory CVE-2022-28693

2022-11-11 00:00:00

K52259753 : Intel Processor vulnerability CVE-2022-26373

2022-11-07 00:00:00

K57185580 : RetBleed CPU vulnerability CVE-2022-29900

2022-08-02 00:00:00

ubuntucve

CVE-2022-28693

2022-07-12 00:00:00

CVE-2022-23825

2022-07-12 00:00:00

CVE-2022-23816

2022-07-13 00:00:00

redhatcve

CVE-2022-28693

2022-07-15 07:06:11

CVE-2022-23816

2022-07-13 04:44:07

CVE-2022-23825

2022-07-13 05:14:11

intel

Intel® Processors RRSBA Advisory

2022-07-12 00:00:00

Intel® Processors Post Invalidation RSB Advisory

2022-08-09 00:00:00

Intel® Processors Return Stack Buffer Underflow Advisory

2022-07-12 00:00:00

cvelist

CVE-2022-23825

2022-07-14 00:00:00

CVE-2022-23816

1976-01-01 00:00:00

CVE-2022-29901 Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)

2022-07-12 00:00:00

nvd

CVE-2022-23816

2023-01-17 06:15:10

CVE-2022-29901

2022-07-12 19:15:08

CVE-2022-23825

2022-07-14 20:15:08

mscve

AMD: CVE-2022-23816 AMD CPU Branch Type Confusion

2022-07-12 07:00:00

AMD: CVE-2022-23825 AMD CPU Branch Type Confusion

2022-07-12 07:00:00

AMD: CVE-2022-29900 AMD CPU Branch Type Confusion

2022-07-12 07:00:00

veracode

Arbitrary Code Execution

2022-07-15 02:32:22

Information Disclosure

2022-07-15 01:44:11

Authentication Bypass

2022-11-10 00:24:39

debiancve

CVE-2022-23816

2023-01-17 06:15:00

CVE-2022-23825

2022-07-14 20:15:08

CVE-2022-29901

2022-07-12 19:15:08

prion

Information disclosure

2022-07-14 20:15:00

Design/Logic Flaw

2022-07-12 19:15:00

Information disclosure

2022-08-18 20:15:00

mageia

Updated kernel-linus packages fix security vulnerabilities

2022-08-06 18:43:47

Updated kernel packages fix security vulnerabilities

2022-08-06 18:43:47

citrix

Citrix Hypervisor Security Bulletin for CVE-2022-23825 and CVE-2022-29900

2022-07-12 16:49:54

ubuntu

Linux kernel vulnerabilities

2023-07-12 00:00:00

Linux kernel (Azure) vulnerabilities

2023-02-10 00:00:00

Linux kernel vulnerabilities

2023-02-09 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0248

2022-09-20 00:00:00

debian

[SECURITY] [DLA 3102-1] linux-5.10 new package

2022-09-11 19:35:03

[SECURITY] [DSA 5207-1] linux security update

2022-08-15 19:52:20

[SECURITY] [DSA 5184-1] xen security update

2022-07-15 18:05:47

suse

Security update for xen (important)

2022-07-29 00:00:00

Security update for xen (important)

2022-07-29 00:00:00

Security update for xen (important)

2022-09-01 00:00:00

thn

New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs

2022-07-13 14:22:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.001 Low

EPSS

Percentile

31.2%

JSON

Related for VMSA-2022-0020