4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.2%
A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure.
The current mitigations for spectre V4 (or spectre_v2) should mitigate this flaw, no additional steps will need to be taken.
In more details, according to the article
<https://kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html>
Two mitigations are needed:
The command to check if mitigation is active:
cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
bugzilla.redhat.com/show_bug.cgi?id=2174765
kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html
nvd.nist.gov/vuln/detail/CVE-2022-27672
www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045
www.cve.org/CVERecord?id=CVE-2022-27672
www.openwall.com/lists/oss-security/2023/02/14/4
xenbits.xen.org/xsa/advisory-426.html
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.2%