Vulnerability CVE-2022-23825

Vulnerability Name:

CVE-2022-23825 (CCN-230962)

Assigned:

2022-07-12

Published:

2022-07-12

Updated:

2023-01-11

Summary:

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.6 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.8 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-23825

Source: psirt@amd.com
Type: Mailing List, Third Party Advisory
psirt@amd.com

Source: psirt@amd.com
Type: Mailing List, Third Party Advisory
psirt@amd.com

Source: CCN
Type: Xen Security Advisory XSA-407
Retbleed - arbitrary speculative code execution with return instructions

Source: XF
Type: UNKNOWN
xen-cve202223825-info-disc(230962)

Source: psirt@amd.com
Type: Mailing List, Third Party Advisory
psirt@amd.com

Source: psirt@amd.com
Type: Mailing List, Third Party Advisory
psirt@amd.com

Source: psirt@amd.com
Type: Mailing List, Third Party Advisory
psirt@amd.com

Source: psirt@amd.com
Type: Mailing List, Third Party Advisory
psirt@amd.com

Source: psirt@amd.com
Type: Vendor Advisory
psirt@amd.com

Source: psirt@amd.com
Type: Third Party Advisory
psirt@amd.com

Source: CCN
Type: IBM Security Bulletin 6966316 (Cloud Pak System Software Suite)
Multiple vulnerabilities in VMware ESXi affect IBM Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6967016 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Source: CCN
Type: VMware Security Advisory VMSA-2022-0020
VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8::hypervisor:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 11:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 12:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 13:

cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*

Configuration RedHat 14:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 15:

cpe:/a:redhat:enterprise_linux:9::nfv:*:*:*:*:*

Configuration RedHat 16:

cpe:/a:redhat:enterprise_linux:9::realtime:*:*:*:*:*

Configuration RedHat 17:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration RedHat 18:

cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

Configuration RedHat 19:

cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 20:

cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:*:*:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:*:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.7:*:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:7.0:-:*:*:*:*:*:*

OR cpe:/a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7831	P	xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20227933	P	RHSA-2022:7933: kernel-rt security and bug fix update (Moderate)	2022-11-15
oval:com.redhat.rhsa:def:20228267	P	RHSA-2022:8267: kernel security, bug fix, and enhancement update (Moderate)	2022-11-15
oval:com.redhat.rhsa:def:20227338	P	RHSA-2022:7338: kernel-rt security and bug fix update (Important)	2022-11-02
oval:com.redhat.rhsa:def:20227337	P	RHSA-2022:7337: kernel security and bug fix update (Important)	2022-11-02
oval:com.redhat.rhsa:def:20227110	P	RHSA-2022:7110: kernel security, bug fix, and enhancement update (Important)	2022-10-25
oval:com.redhat.rhsa:def:20227134	P	RHSA-2022:7134: kernel-rt security and bug fix update (Important)	2022-10-25
oval:org.opensuse.security:def:43655	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:119278	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:42424	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:3656	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:119458	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:95286	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:118783	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:3771	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:119643	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:95404	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:615	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:118973	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:42328	P	Security update for xen (Important)	2022-07-29
oval:org.opensuse.security:def:125766	P	Security update for xen (Important)	2022-07-27
oval:org.opensuse.security:def:5304	P	Security update for xen (Important)	2022-07-27
oval:org.opensuse.security:def:126930	P	Security update for xen (Important)	2022-07-27
oval:org.opensuse.security:def:6112	P	Security update for xen (Important)	2022-07-27
oval:org.opensuse.security:def:127327	P	Security update for xen (Important)	2022-07-27

BACK