CVE-2022-29901 MEDIUM

CVE-2022-29901: Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)

Vendor Intel

Product Intel Microprocessors

Weakness CWE-200 · Info exposure

Published July 12, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

5.6/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Key dates

02Disclosure timeline

July 12, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-29901 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2022-29901: Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)

01Description

02Disclosure timeline

03References

04Related CVE