CVE-2022-27672

moderate-risk

Published 2023-03-01

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Athlon X4 750 Firmware

Athlon X4 760K Firmware

Athlon X4 830 Firmware

Athlon X4 840 Firmware

Athlon X4 860K Firmware

Athlon X4 870K Firmware

Athlon X4 880K Firmware

Athlon X4 835 Firmware

Athlon X4 845 Firmware

Athlon X4 940 Firmware

Athlon X4 950 Firmware

Athlon X4 970 Firmware

Ryzen Threadripper Pro 5995Wx Firmware

Ryzen Threadripper Pro 5975W Firmware

Ryzen Threadripper Pro 5965Wx Firmware

Ryzen Threadripper Pro 5955Wx Firmware

Ryzen Threadripper Pro 5945Wx Firmware

Ryzen Threadripper 2990Wx Firmware

Ryzen Threadripper 2970Wx Firmware

Ryzen Threadripper 2950X Firmware

Affected Vendors

Amd

References (5)

https://security.gentoo.org/glsa/202402-07

Mitigation https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045

http://xenbits.xen.org/xsa/advisory-426.html

https://security.gentoo.org/glsa/202402-07

Mitigation https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045

/ 100

moderate-risk

Severity 12/34 · Low

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical