Lucene search

K

Veracode Vulnerability DatabaseVERACODE:37864

HistoryNov 10, 2022 - 12:24 a.m.

Authentication Bypass

2022-11-1000:24:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.7%

kernel is vulnerable to authentication bypass. An attacker can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CPENameOperatorVersion
kernel-rteq3.10.0__957.12.2.rt56.929.el7
kernel-rteq3.10.0__957.21.2.rt56.934.el7
kernel-rteq4.18.0__257.rt7.22.el8
kernel-rteq4.18.0__305.93.1.rt7.168.el8_4
kernel-rteq4.18.0__331.rt7.112.el8
kernel-rteq3.10.0__693.11.1.rt56.632.el7
kernel-rteq4.18.0__338.rt7.119.el8
kernel-rteq4.18.0__193.24.1.rt13.74.el8_2.dt1
kernel-rteq3.10.0__514.2.2.rt56.424.el7
kernel-rteq4.18.0__357.rt7.142.el8

Rows per page:

1-10 of 7981

References

www.openwall.com/lists/oss-security/2022/07/12/2

www.openwall.com/lists/oss-security/2022/07/12/4

www.openwall.com/lists/oss-security/2022/07/12/5

www.openwall.com/lists/oss-security/2022/07/13/1

access.redhat.com/errata/RHSA-2022:7110

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=2103148

comsec.ethz.ch/retbleed

lists.debian.org/debian-lts-announce/2022/09/msg00011.html

lists.debian.org/debian-lts-announce/2022/12/msg00034.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/

lists.fedoraproject.org/archives/list/[email protected]/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/

lists.fedoraproject.org/archives/list/[email protected]/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/

security.netapp.com/advisory/ntap-20221007-0007/

www.debian.org/security/2022/dsa-5207

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html

www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.7%

Related for VERACODE:37864

debiancve1 nessus63 intel1 ubuntucve1 cve1 prion1 redhatcve1 f52 openvas42 oraclelinux10 thn1 ibm2 xen1 fedora2 vmware3 ubuntu14 osv21 mageia2 almalinux2 rocky2 redhat11 amazon3 debian3 photon2 suse7