CVE-2022-29900
CVE-2022-29900
In short
Intel processors have a flaw in how they predict where program instructions will jump to next. An attacker could trick the processor into running malicious code speculatively, potentially exposing sensitive data.
Technical detail
A branch prediction vulnerability in Intel processors allows attackers to influence speculative execution of return instructions through microarchitecture-dependent conditions. This can lead to information disclosure via side-channel attacks when sensitive data is accessed during incorrect speculative paths.
Summary generated and translated by AI from the official description.
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Affected products
AMD · AMD ProcessorsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://lists.debian.org/debian-lts-announce/2022/09/msg00011.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/https://security.gentoo.org/glsa/202402-07https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037https://www.debian.org/security/2022/dsa-5207https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/