CVE-2022-23824

high-risk
Published 2022-11-09

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Xen
Athlon X4 750 Firmware
Athlon X4 760K Firmware
Athlon X4 830 Firmware
Athlon X4 835 Firmware
Athlon X4 840 Firmware
Athlon X4 845 Firmware
Athlon X4 860K Firmware
Athlon X4 870K Firmware
Athlon X4 880K Firmware
Athlon X4 940 Firmware
Athlon X4 950 Firmware
Athlon X4 970 Firmware
Ryzen Threadripper Pro 3795Wx Firmware

Affected Vendors

Fedoraproject Xen Amd

References (12)

Mailing List http://www.openwall.com/lists/oss-security/2022/11/10/2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://security.gentoo.org/glsa/202402-07
Mitigation https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040
https://www.debian.org/security/2023/dsa-5378
Mailing List http://www.openwall.com/lists/oss-security/2022/11/10/2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://security.gentoo.org/glsa/202402-07
Mitigation https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040
https://www.debian.org/security/2023/dsa-5378
51
/ 100
high-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 33/34 · Critical