Vulnerabilities > CVE-2022-29901 - Exposure of Resource to Wrong Sphere vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Vulnerable Configurations

Part Description Count
OS
Intel
125
OS
Xen
1
OS
Fedoraproject
2
OS
Vmware
15
OS
Debian
2
Hardware
Intel
125

Common Weakness Enumeration (CWE)

References