6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.2 High
AI Score
Confidence
High
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.8%
Package : linux-5.10
Version : 5.10.179-5~deb10u1
CVE ID : CVE-2022-40982 CVE-2023-20569
CVE-2022-40982
Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware
vulnerability for Intel CPUs which allows unprivileged speculative
access to data which was previously stored in vector registers.
This mitigation requires updated CPU microcode provided in the
intel-microcode package.
For details please refer to <https://downfall.page/> and
<https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html>.
CVE-2023-20569
Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered
INCEPTION, also known as Speculative Return Stack Overflow (SRSO),
a transient execution attack that leaks arbitrary data on all AMD
Zen CPUs. An attacker can mis-train the CPU BTB to predict non-
architectural CALL instructions in kernel space and use this to
control the speculative target of a subsequent kernel RET,
potentially leading to information disclosure via a speculative
side-channel.
For details please refer to
<https://comsec.ethz.ch/research/microarch/inception/> and
<https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005>.
For Debian 10 buster, these problems have been fixed in version
5.10.179-5~deb10u1.
We recommend that you upgrade your linux-5.10 packages.
For the detailed security status of linux-5.10 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-5.10
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.2 High
AI Score
Confidence
High
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.8%