CVSS3: 4.7 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS2: 1 Low
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:H/Au:S/C:P/I:N/A:N
EPSS: 0.0004 Low
Percentile: 7.2%
Bulletin ID: AMD-SB-1045
Potential Impact: Information Disclosure
AMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure. AMD believes that due to existing mitigations applied to address other speculation-based issues, theoretical avenues for potential exploit of CVE-2022-27672 may be limited only to select virtualization environments where a virtual machine is given special privileges. As of this notice, AMD is not aware of any actual real-world exploits based on this behavior.
CVE-2022-27672
When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.
Desktop
AMD Athlon™ X4 Processor
AMD Ryzen™ Threadripper™ PRO Processor
2nd Gen AMD Ryzen™ Threadripper™ Processors
3rd Gen AMD Ryzen™ Threadripper™ Processors
7th Generation AMD A-Series APUs
AMD Ryzen™ 2000 Series Desktop Processors
AMD Ryzen™ 3000 Series Desktop Processors
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
Mobile
AMD Ryzen™ 2000 Series Mobile Processor
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD Ryzen™ 3000 Series Mobile Processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ Graphics
AMD Ryzen™ 4000 Series Mobile processors with Radeon™ Graphics
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Chromebook
Server
1st Gen AMD EPYC™ Processors
2nd Gen AMD EPYC™ Processors
Mitigations may be specific to a respective OS/Hypervisor solution. Not all Hypervisor or OS vendors may be impacted. If applicable, an OS update to address this CVE may be available. AMD recommends that you contact your OS partners for details.
AMD recommends that OS/Hypervisor developers review code paths that can result in a processor entering an idle state (e.g., HLT/MWAIT/IO C-state). If required, AMD recommends that developers consider the following mitigations:
Before entering the idle processor state, software can execute a sequence of 32 CALL instructions with non-0 displacement to fill the RAP with "safe" speculation targets.
HVs can prevent guest VMs from directly entering processor idle states by intercepting the HLT, MWAIT, and IN instructions. See APM Volume 2 [1] appendix B for details.
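The first mitigation above, written out as an added example for x86-64 with GCC or Clang inline assembly; it is not AMD's code or any vendor's implementation. The name `rap_fill`, the INT3 placed at each return site, and the red-zone adjustment (needed only because this demo runs in user space) are assumptions of this sketch; an OS would run the sequence immediately before HLT/MWAIT.

```c
/* Added example: RAP-fill sequence from the bulletin, x86-64, GCC/Clang. */
#include <stdio.h>

#define RAP_FILL_CALLS 32            /* count given in the bulletin */
#define STR_(x) #x
#define STR(x) STR_(x)

/*
 * Executes RAP_FILL_CALLS CALL instructions. Each CALL has displacement 1:
 * it jumps over a one-byte INT3, so the predicted return site of every
 * entry is an INT3 (this sketch's choice of "safe" target).
 * The pushed return addresses are never used by a RET; the stack pointer
 * is put back arithmetically instead.
 * Returns rsp_before - rsp_after, which is 0 when the stack was restored.
 */
long rap_fill(void)
{
    long delta;

    __asm__ volatile(
        "mov %%rsp, %0\n\t"               /* remember the original rsp     */
        "lea -128(%%rsp), %%rsp\n\t"      /* user space: skip the red zone */
        ".rept " STR(RAP_FILL_CALLS) "\n\t"
        "call 1f\n\t"                     /* non-0 displacement CALL       */
        "int3\n\t"                        /* return site of that CALL      */
        "1:\n\t"
        ".endr\n\t"
        /* drop the pushed return addresses (8 bytes each) and the red-zone skip */
        "lea 128+8*" STR(RAP_FILL_CALLS) "(%%rsp), %%rsp\n\t"
        "sub %%rsp, %0\n\t"               /* delta = saved rsp - current   */
        : "=&r"(delta)
        :
        : "memory", "cc");

    return delta;
}

int main(void)
{
    /* In a kernel idle path the next instruction would be HLT or MWAIT. */
    printf("rap_fill: %d calls, stack delta %ld\n", RAP_FILL_CALLS, rap_fill());
    return 0;
}
```

Kernel code built without a red zone would drop the 128-byte adjustment, and on systems enforcing a shadow stack the unmatched CALLs would need separate handling.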