Vulnerability Name:

CVE-2022-28693 (CCN-230959)

Assigned:2022-07-12
Published:2022-07-12
Updated:2022-07-12
Summary:Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by unprotected alternative channel of return branch target prediction. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS v3 Severity:4.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:3.8 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2022-28693

Source: XF
Type: UNKNOWN
intel-cve202228693-info-disc(230959)

Source: CCN
Type: IBM Security Bulletin 6966316 (Cloud Pak System Software Suite)
Multiple vulnerabilities in VMware ESXi affect IBM Cloud Pak System

Source: CCN
Type: INTEL-SA-00707
Intel Processors RRSBA Advisory

Source: CCN
Type: VMware Security Advisory VMSA-2021-0020
VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:vmware:esxi:6.5:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:7.0:-:*:*:*:*:*:*
  • OR cpe:/a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8029
    P
    		kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:8090
    P
    		reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7539
    P
    		kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:762
    P
    		Security update for the Linux Kernel (Important)
    2022-09-16
    oval:org.opensuse.security:def:764
    P
    		Security update for the Linux Kernel (Important)
    2022-09-16
    BACK
    vmware esxi 6.5
    vmware esxi 6.7
    vmware esxi 7.0 -
    vmware cloud foundation 3.0
    vmware cloud foundation 4.0