6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
28.7%
kernel is vulnerable to authentication bypass. An attacker can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
www.openwall.com/lists/oss-security/2022/07/12/2
www.openwall.com/lists/oss-security/2022/07/12/4
www.openwall.com/lists/oss-security/2022/07/12/5
www.openwall.com/lists/oss-security/2022/07/13/1
access.redhat.com/errata/RHSA-2022:7110
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2103148
comsec.ethz.ch/retbleed
lists.debian.org/debian-lts-announce/2022/09/msg00011.html
lists.debian.org/debian-lts-announce/2022/12/msg00034.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/
lists.fedoraproject.org/archives/list/[email protected]/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/
lists.fedoraproject.org/archives/list/[email protected]/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/
security.netapp.com/advisory/ntap-20221007-0007/
www.debian.org/security/2022/dsa-5207
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
28.7%