Skip to main content

Debian Linux CVE-2022-29900

MEDIUM
Improper Removal of Sensitive Information Before Storage or Transfer (CWE-212)
2022-07-12 psirt@amd.com
RCE Debian Linux Fedora Xen Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware Athlon X4 835 Firmware Athlon X4 840 Firmware Athlon X4 845 Firmware Athlon X4 860K Firmware Athlon X4 870K Firmware Athlon X4 880K Firmware Athlon X4 940 Firmware Athlon X4 950 Firmware Athlon X4 970 Firmware Ryzen Threadripper Pro 3995Wx Firmware Ryzen Threadripper Pro 3795Wx Firmware Ryzen Threadripper Pro 3955Wx Firmware Ryzen Threadripper Pro 3945Wx Firmware Ryzen Threadripper Pro 5955Wx Firmware Ryzen Threadripper Pro 5965Wx Firmware Ryzen Threadripper Pro 5945Wx Firmware Ryzen Threadripper Pro 5975Wx Firmware Ryzen Threadripper Pro 5995Wx Firmware Ryzen Threadripper 2990Wx Firmware Ryzen Threadripper 2970Wx Firmware Ryzen Threadripper 2950X Firmware Ryzen Threadripper 2920X Firmware Ryzen Threadripper 3990X Firmware Ryzen Threadripper 3970X Firmware Ryzen Threadripper 3960X Firmware A12 9700P Firmware A12 9730P Firmware A10 9600P Firmware A10 9630P Firmware A9 9410 Firmware A9 9420 Firmware A6 9210 Firmware A6 9220 Firmware A6 9220C Firmware A4 9120 Firmware Ryzen 3 2200U Firmware Ryzen 3 2300U Firmware Ryzen 5 2500U Firmware Ryzen 5 2600 Firmware Ryzen 5 2600H Firmware Ryzen 5 2600X Firmware Ryzen 5 2700 Firmware Ryzen 5 2700X Firmware Ryzen 7 2700 Firmware Ryzen 7 2700U Firmware Ryzen 7 2700X Firmware Ryzen 7 2800H Firmware Ryzen 3 3100 Firmware Ryzen 3 3200U Firmware Ryzen 3 3250U Firmware Ryzen 3 3300G Firmware Ryzen 3 3300U Firmware Ryzen 3 3300X Firmware Ryzen 5 3400G Firmware Ryzen 5 3450G Firmware Ryzen 5 3500U Firmware Ryzen 5 3550H Firmware Ryzen 5 3600 Firmware Ryzen 5 3600X Firmware Ryzen 5 3600Xt Firmware Ryzen 7 3700U Firmware Ryzen 7 3700X Firmware Ryzen 7 3750H Firmware Ryzen 7 3800X Firmware Ryzen 7 3800Xt Firmware Ryzen 7 4700G Firmware Ryzen 7 4700Ge Firmware Ryzen 5 4600G Firmware Ryzen 5 4600Ge Firmware Ryzen 3 4300G Firmware Ryzen 3 4300Ge Firmware Ryzen 9 4900H Firmware Ryzen 7 4800U Firmware Ryzen 7 4700U Firmware Ryzen 7 4800H Firmware Ryzen 5 4600U Firmware Ryzen 5 4500U Firmware Ryzen 5 4600H Firmware Ryzen 3 4300U Firmware Athlon Gold 3150U Firmware Athlon Silver 3050U Firmware Epyc 7001 Firmware Epyc 7251 Firmware Epyc 7261 Firmware Epyc 7281 Firmware Epyc 7301 Firmware Epyc 7351 Firmware Epyc 7351P Firmware Epyc 7371 Firmware Epyc 7401 Firmware Epyc 7401P Firmware Epyc 7451 Firmware Epyc 7501 Firmware Epyc 7551 Firmware Epyc 7551P Firmware Epyc 7601 Firmware Epyc 7002 Firmware Epyc 7252 Firmware Epyc 7262 Firmware Epyc 7272 Firmware Epyc 7282 Firmware Epyc 7302 Firmware Epyc 7302P Firmware Epyc 7352 Firmware Epyc 7402 Firmware Epyc 7402P Firmware Epyc 7452 Firmware Epyc 7502 Firmware Epyc 7502P Firmware Epyc 7532 Firmware Epyc 7542 Firmware Epyc 7552 Firmware Epyc 7642 Firmware Epyc 7662 Firmware Epyc 7702 Firmware Epyc 7742 Firmware Epyc 7F32 Firmware Epyc 7F52 Firmware Epyc 7F72 Firmware Epyc 7H12 Firmware
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 12, 2022 - 19:15 nvd
MEDIUM 6.5

DescriptionNVD

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

AnalysisAI

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-212. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Affected products include: Debian Debian Linux, Fedoraproject Fedora, Xen, Amd Athlon X4 750 Firmware, Amd Athlon X4 760K Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-49113 CRITICAL POC
9.9 Jun 02

Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au

CVE-2026-24061 CRITICAL POC
9.8 Jan 21

GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain

CVE-2025-32433 CRITICAL POC
10.0 Apr 16

Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling

CVE-2017-11610 HIGH POC
8.8 Aug 23

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem

CVE-2015-0235 CRITICAL POC
10.0 Jan 28

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,

CVE-2014-3704 HIGH POC
7.5 Oct 16

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct

CVE-2013-0156 HIGH POC
7.5 Jan 13

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an

CVE-2017-12629 CRITICAL POC
9.8 Oct 14

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi

CVE-2017-14492 CRITICAL POC
9.8 Oct 03

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2014-2323 CRITICAL POC
9.8 Mar 14

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary

CVE-2016-2098 HIGH POC
7.3 Apr 07

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to e

CVE-2016-6662 CRITICAL POC
9.8 Sep 20

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.2

Share

CVE-2022-29900 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy