CVSS: 6.5EPSS: 0%CPEs: 288EXPL: 0CVE-2022-29901 – Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)
https://notcve.org/view.php?id=CVE-2022-29901
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. Las generaciones de microprocesadores Intel 6 a 8 están afectadas por una nueva variante de Spectre que es capaz de omitir su mitigación de retpoline en el kernel para filtrar datos arbitrarios. Un atacante con acceso de usuario no privilegiado puede secuestrar las instrucciones de retorno para lograr una ejecución arbitraria de código especulativo bajo determinadas condiciones dependientes de la microarquitectura A flaw was found in hw. Non-transparent sharing of branch predictor targets between contexts in some Intel(R) processors may potentially allow an authorized user to enable information disclosure via local access. • http://www.openwall.com/lists/oss-security/2022/07/12/2 http://www.openwall.com/lists/oss-security/2022/07/12/4 http://www.openwall.com/lists/oss-security/2022/07/12/5 http://www.openwall.com/lists/oss-security/2022/07/13/1 https://comsec.ethz.ch/retbleed https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33742
https://notcve.org/view.php?id=CVE-2022-33742
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33741
https://notcve.org/view.php?id=CVE-2022-33741
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33740
https://notcve.org/view.php?id=CVE-2022-33740
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-26365
https://notcve.org/view.php?id=CVE-2022-26365
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-401: Missing Release of Memory after Effective Lifetime •