Skip to main content

Xen CVE-2022-23824

MEDIUM
2022-11-09 psirt@amd.com
Information Disclosure Xen Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware Athlon X4 835 Firmware Athlon X4 840 Firmware Athlon X4 845 Firmware Athlon X4 860K Firmware Athlon X4 870K Firmware Athlon X4 880K Firmware Athlon X4 940 Firmware Athlon X4 950 Firmware Athlon X4 970 Firmware Ryzen Threadripper Pro 3995Wx Firmware Ryzen Threadripper Pro 3795Wx Firmware Ryzen Threadripper Pro 3955Wx Firmware Ryzen Threadripper Pro 3945Wx Firmware Ryzen Threadripper Pro 5955Wx Firmware Ryzen Threadripper Pro 5965Wx Firmware Ryzen Threadripper Pro 5945Wx Firmware Ryzen Threadripper Pro 5975Wx Firmware Ryzen Threadripper Pro 5995Wx Firmware Ryzen Threadripper 2990Wx Firmware Ryzen Threadripper 2970Wx Firmware Ryzen Threadripper 2950X Firmware Ryzen Threadripper 2920X Firmware Ryzen Threadripper 3990X Firmware Ryzen Threadripper 3970X Firmware Ryzen Threadripper 3960X Firmware A12 9700P Firmware A12 9730P Firmware A10 9600P Firmware A10 9630P Firmware A9 9410 Firmware A9 9420 Firmware A6 9210 Firmware A6 9220 Firmware A6 9220C Firmware A4 9120 Firmware Ryzen 3 2200U Firmware Ryzen 3 2300U Firmware Ryzen 5 2500U Firmware Ryzen 5 2600 Firmware Ryzen 5 2600H Firmware Ryzen 5 2600X Firmware Ryzen 5 2700 Firmware Ryzen 5 2700X Firmware Ryzen 7 2700 Firmware Ryzen 7 2700U Firmware Ryzen 7 2700X Firmware Ryzen 7 2800H Firmware Ryzen 3 3100 Firmware Ryzen 3 3200U Firmware Ryzen 3 3250U Firmware Ryzen 3 3300G Firmware Ryzen 3 3300U Firmware Ryzen 3 3300X Firmware Ryzen 5 3400G Firmware Ryzen 5 3450G Firmware Ryzen 5 3500U Firmware Ryzen 5 3550H Firmware Ryzen 5 3600 Firmware Ryzen 5 3600X Firmware Ryzen 5 3600Xt Firmware Ryzen 7 3700U Firmware Ryzen 7 3700X Firmware Ryzen 7 3750H Firmware Ryzen 7 3800X Firmware Ryzen 7 3800Xt Firmware Ryzen 5 3580U Firmware Ryzen 7 Pro 3700U Firmware Ryzen 7 3780U Firmware Ryzen 7 4700G Firmware Ryzen 7 4700Ge Firmware Ryzen 5 4600G Firmware Ryzen 5 4600Ge Firmware Ryzen 3 4300G Firmware Ryzen 3 4300Ge Firmware Ryzen 9 4900H Firmware Ryzen 7 4800U Firmware Ryzen 7 4700U Firmware Ryzen 7 4800H Firmware Ryzen 5 4600U Firmware Ryzen 5 4500U Firmware Ryzen 5 4600H Firmware Ryzen 3 4300U Firmware Ryzen 9 5980Hx Firmware Ryzen 9 5980Hs Firmware Ryzen 7 5825U Firmware Ryzen 9 5900Hx Firmware Ryzen 9 5900Hs Firmware Ryzen 7 5825C Firmware Ryzen 7 5800H Firmware Ryzen 5 5625U Firmware Ryzen 7 5800Hs Firmware Ryzen 5 5625C Firmware Ryzen 5 5600H Firmware Ryzen 5 5600Hs Firmware Ryzen 7 5800U Firmware Ryzen 5 5600U Firmware Ryzen 5 5560U Firmware Ryzen 3 5425U Firmware Ryzen 3 5425C Firmware Ryzen 3 5400U Firmware Ryzen 3 5125C Firmware Athlon Gold 3150U Firmware Athlon Silver 3050U Firmware Epyc 7001 Firmware Epyc 7251 Firmware Epyc 7261 Firmware Epyc 7281 Firmware Epyc 7301 Firmware Epyc 7351 Firmware Epyc 7351P Firmware Epyc 7371 Firmware Epyc 7401 Firmware Epyc 7401P Firmware Epyc 7451 Firmware Epyc 7501 Firmware Epyc 7551 Firmware Epyc 7551P Firmware Epyc 7601 Firmware Epyc 7002 Firmware Epyc 7252 Firmware Epyc 7262 Firmware Epyc 7272 Firmware Epyc 7282 Firmware Epyc 7302 Firmware Epyc 7302P Firmware Epyc 7352 Firmware Epyc 7402 Firmware Epyc 7402P Firmware Epyc 7452 Firmware Epyc 7502 Firmware Epyc 7502P Firmware Epyc 7532 Firmware Epyc 7542 Firmware Epyc 7552 Firmware Epyc 7642 Firmware Epyc 7662 Firmware Epyc 7702 Firmware Epyc 7742 Firmware Epyc 7F32 Firmware Epyc 7F52 Firmware Epyc 7F72 Firmware Epyc 7H12 Firmware Epyc 7773X Firmware Epyc 7763 Firmware Epyc 7713P Firmware Epyc 7713 Firmware Epyc 7663 Firmware Epyc 7643 Firmware Epyc 75F3 Firmware Epyc 7573X Firmware Epyc 7543P Firmware Epyc 7543 Firmware Epyc 7513 Firmware Epyc 74F3 Firmware Epyc 7473X Firmware Epyc 7443P Firmware Epyc 7443 Firmware Epyc 7413 Firmware Epyc 7373X Firmware Epyc 7313 Firmware Epyc 7313P Firmware Epyc 7343 Firmware Epyc 72F3 Firmware Epyc 7003 Firmware Fedora
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 09, 2022 - 21:15 nvd
MEDIUM 5.5

DescriptionNVD

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

AnalysisAI

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Technical ContextAI

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. Affected products include: Xen, Amd Athlon X4 750 Firmware, Amd Athlon X4 760K Firmware, Amd Athlon X4 830 Firmware, Amd Athlon X4 835 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Xen

View all
CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2015-3456 HIGH POC
7.7 May 13

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a

CVE-2018-8897 HIGH POC
7.8 May 08

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) wa

CVE-2022-4949 HIGH POC
8.8 Jun 07

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aj

CVE-2017-15595 HIGH POC
8.8 Oct 18

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recu

CVE-2017-7228 HIGH POC
8.2 Apr 04

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. Rated

CVE-2015-5165 CRITICAL
9.3 Aug 12

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows

CVE-2015-8550 HIGH
8.2 Apr 14

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (hos

CVE-2022-26364 MEDIUM POC
6.7 Jun 09

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text exp

CVE-2017-10918 CRITICAL
10.0 Jul 05

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obt

CVE-2017-10912 CRITICAL
10.0 Jul 05

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217

CVE-2017-10921 CRITICAL
10.0 Jul 05

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_h

Share

CVE-2022-23824 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy