Ubuntu.comUB:CVE-2022-27672CVE-2022-27672
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.2%
When SMT is enabled, certain AMD processors may speculatively execute
instructions using a target from the sibling thread after an SMT mode
switch potentially resulting in information disclosure.
Notes
| Author | Note |
|---|---|
| mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < 4.15.0-218.229) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < 5.4.0-156.173 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < 5.15.0-72.79 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux | < 5.19.0-42.43 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-allwinner-5.19 | < 5.19.0-1012.12~22.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1161.174) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1107.115 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1036.40 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1025.26 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1036.40~20.04.1 | UNKNOWN |
References
kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html
launchpad.net/bugs/cve/CVE-2022-27672
nvd.nist.gov/vuln/detail/CVE-2022-27672
security-tracker.debian.org/tracker/CVE-2022-27672
ubuntu.com/security/notices/USN-5978-1
ubuntu.com/security/notices/USN-6079-1
ubuntu.com/security/notices/USN-6080-1
ubuntu.com/security/notices/USN-6085-1
ubuntu.com/security/notices/USN-6090-1
ubuntu.com/security/notices/USN-6091-1
ubuntu.com/security/notices/USN-6096-1
ubuntu.com/security/notices/USN-6133-1
ubuntu.com/security/notices/USN-6134-1
ubuntu.com/security/notices/USN-6284-1
ubuntu.com/security/notices/USN-6301-1
ubuntu.com/security/notices/USN-6312-1
ubuntu.com/security/notices/USN-6314-1
ubuntu.com/security/notices/USN-6331-1
ubuntu.com/security/notices/USN-6337-1
ubuntu.com/security/notices/USN-6385-1
ubuntu.com/security/notices/USN-6396-1
ubuntu.com/security/notices/USN-6396-2
ubuntu.com/security/notices/USN-6396-3
www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045
www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045
www.cve.org/CVERecord?id=CVE-2022-27672
www.openwall.com/lists/oss-security/2023/02/14/4
xenbits.xen.org/xsa/advisory-426.html
Related
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.2%