Vulnerability Name:

CVE-2022-29901 (CCN-230960)

Assigned: 2022-07-11
Published: 2022-07-11
Updated: 2022-12-24
Summary: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSS v3 Severity: 5.6 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
4.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
5.6 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
3.8 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References: Source: MITRE
Type: CNA
CVE-2022-29901

Source: vulnerability@ncsc.ch
Type: Mailing List, Patch, Third Party Advisory
vulnerability@ncsc.ch

Source: vulnerability@ncsc.ch
Type: Mailing List, Third Party Advisory
vulnerability@ncsc.ch

Source: vulnerability@ncsc.ch
Type: Mailing List, Third Party Advisory
vulnerability@ncsc.ch

Source: vulnerability@ncsc.ch
Type: Mailing List, Third Party Advisory
vulnerability@ncsc.ch

Source: vulnerability@ncsc.ch
Type: Exploit, Technical Description, Third Party Advisory
vulnerability@ncsc.ch

Source: XF
Type: UNKNOWN
intel-cve202229901-info-disc(230960)

Source: vulnerability@ncsc.ch
Type: Mailing List, Third Party Advisory
vulnerability@ncsc.ch

Source: vulnerability@ncsc.ch
Type: UNKNOWN
vulnerability@ncsc.ch

Source: vulnerability@ncsc.ch
Type: Mailing List, Third Party Advisory
vulnerability@ncsc.ch

Source: vulnerability@ncsc.ch
Type: Mailing List, Third Party Advisory
vulnerability@ncsc.ch

Source: vulnerability@ncsc.ch
Type: Third Party Advisory
vulnerability@ncsc.ch

Source: vulnerability@ncsc.ch
Type: Third Party Advisory
vulnerability@ncsc.ch

Source: CCN
Type: INTEL-SA-00702
Intel Processors Return Stack Buffer Underflow Advisory

Source: vulnerability@ncsc.ch
Type: Vendor Advisory
vulnerability@ncsc.ch

Source: CCN
Type: VMware Security Advisory VMSA-2021-0020
VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8::hypervisor:*:*:*:*:*
Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*
Configuration RedHat 7:
  • cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*
Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
Configuration RedHat 11:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
Configuration RedHat 12:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
Configuration RedHat 13:
  • cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*
Configuration RedHat 14:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
Configuration RedHat 15:
  • cpe:/a:redhat:enterprise_linux:9::nfv:*:*:*:*:*
Configuration RedHat 16:
  • cpe:/a:redhat:enterprise_linux:9::realtime:*:*:*:*:*
Configuration RedHat 17:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
Configuration RedHat 18:
  • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*
Configuration RedHat 19:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
Configuration RedHat 20:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:vmware:esxi:6.5:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:7.0:-:*:*:*:*:*:*
  • OR cpe:/a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:com.redhat.rhsa:def:20227933 | P | RHSA-2022:7933: kernel-rt security and bug fix update (Moderate) | 2022-11-15
oval:com.redhat.rhsa:def:20228267 | P | RHSA-2022:8267: kernel security, bug fix, and enhancement update (Moderate) | 2022-11-15
oval:com.redhat.rhsa:def:20227337 | P | RHSA-2022:7337: kernel security and bug fix update (Important) | 2022-11-02
oval:com.redhat.rhsa:def:20227338 | P | RHSA-2022:7338: kernel-rt security and bug fix update (Important) | 2022-11-02
oval:com.redhat.rhsa:def:20227110 | P | RHSA-2022:7110: kernel security, bug fix, and enhancement update (Important) | 2022-10-25
oval:com.redhat.rhsa:def:20227134 | P | RHSA-2022:7134: kernel-rt security and bug fix update (Important) | 2022-10-25
oval:org.opensuse.security:def:95383 | P | Security update for the Linux Kernel (Important) | 2022-08-01
oval:org.opensuse.security:def:3753 | P | Security update for the Linux Kernel (Important) | 2022-08-01
oval:org.opensuse.security:def:627 | P | Security update for the Linux Kernel (Important) | 2022-08-01
oval:org.opensuse.security:def:43652 | P | Security update for the Linux Kernel (Important) | 2022-07-26
oval:org.opensuse.security:def:42421 | P | Security update for the Linux Kernel (Important) | 2022-07-26
oval:org.opensuse.security:def:598 | P | Security update for the Linux Kernel (Important) | 2022-07-26
oval:org.opensuse.security:def:42325 | P | Security update for the Linux Kernel (Important) | 2022-07-26
oval:org.opensuse.security:def:95273 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:93319 | P | (Important) | 2022-07-21
oval:org.opensuse.security:def:3783 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:94051 | P | (Important) | 2022-07-21
oval:org.opensuse.security:def:3720 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:589 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:95335 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:93477 | P | (Important) | 2022-07-21
oval:org.opensuse.security:def:3794 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:95416 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:94263 | P | (Important) | 2022-07-21
oval:org.opensuse.security:def:3726 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:95350 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:93630 | P | (Important) | 2022-07-21
oval:org.opensuse.security:def:3643 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:95427 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:94472 | P | (Important) | 2022-07-21
oval:org.opensuse.security:def:93159 | P | (Important) | 2022-07-21
oval:org.opensuse.security:def:95356 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:93837 | P | (Important) | 2022-07-21
oval:org.opensuse.security:def:3705 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:43645 | P | Security update for the Linux Kernel (Important) | 2022-07-18
oval:org.opensuse.security:def:42412 | P | Security update for the Linux Kernel (Important) | 2022-07-18
oval:org.opensuse.security:def:42317 | P | Security update for the Linux Kernel (Important) | 2022-07-18
oval:org.opensuse.security:def:582 | P | Security update for the Linux Kernel (Important) | 2022-07-15
    vmware esxi 6.5
    vmware esxi 6.7
    vmware esxi 7.0 -
    vmware cloud foundation 3.0
    vmware cloud foundation 4.0