VDB
CVE-2022-23824
CVE-2022-23824
PUBLISHED
Es existiert eine Schwachstelle in AMD Prozessoren und Xen. Diese besteht in der Komponente "Indirect Branch Prediction Barrier" welche zum Schutz vor Spectre-Angriffen dienen soll. Diese verhält sich nicht wie vorgesehen und kann es dadurch ermöglichen Branch Predicitions durchzuführen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.
EPSS 0.04% · 12.9th percentile
Risk Scores
EPSS Score
0.04%
12.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source | Open Source Xen | |
| SUSE | SUSE Linux | |
| AMD | AMD Prozessor |
Timeline
- Nov 8, 2022 CVE Published
- Nov 9, 2022 PoC Published
- Nov 10, 2022 EPSS Score
- Dec 7, 2022 PoC Published
- Dec 23, 2022 EPSS Score
- Feb 4, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 8, 2023 CVE Updated
- Mar 19, 2023 EPSS Score
- May 1, 2023 EPSS Score
- Jun 13, 2023 EPSS Score
- Jun 14, 2023 PoC Published
References
- https://xenbits.xen.org/xsa/advisory-422.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2001.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2001 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-March/014000.html advisory
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013521.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013540.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013545.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013550.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013555.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013595.html advisory