CVE-2022-23824

medium

Description

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040

http://www.openwall.com/lists/oss-security/2022/11/10/2

https://www.debian.org/security/2023/dsa-5378

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

Details

Source: MITRE

Published: 2022-11-09

Updated: 2023-03-27

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM