Bug 2119127 (CVE-2022-23824)
Summary: | CVE-2022-23824 hw: cpu: AMD: IBPB and Return Address Predictor Interactions | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Alex <allarkin> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bhu, brdeoliv, chwhite, crwood, ddepaula, debarbos, dvlasenk, ezulian, hdegoede, hkrzesin, hpa, iwienand, jarod, jarodwilson, jburrell, jfaracco, jferlan, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, lleshchi, lzampier, masami256, mchehab, mvanderw, nmurray, ptalbert, qzhao, rvrbovsk, scweaver, steved, tyberry, vkumar, walters, williams |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in hw. AMD CPUs can be attacked in a way similar to the previously known Spectre Variant 2 (CVE-2017-5715). This issue affects AMD CPUs where the OS relies on IBPB to flush the return address predictor. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-09 10:37:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2141263, 2141273, 2141274, 2141275, 2141276, 2141277, 2141278, 2141279, 2141280, 2141281, 2141282, 2141283, 2141284, 2141285, 2141286, 2141287, 2141288, 2141289, 2141290, 2141291, 2141292, 2141293, 2141294, 2141295, 2141296, 2141297, 2141298, 2209638, 2209639, 2210536, 2210537, 2213229, 2213230, 2213231, 2213232 | ||
Bug Blocks: | 2097540 |
Description
Alex
2022-08-17 15:41:12 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2141263]

Thank you Alex, but are we still missing the 8.9.y bz? Or is this supposed to be merged on Y?

I had a look at the related RHEL-8 side of things, and per my comment [1] I believe that the same buffer stacking on the RHEL-9 branch is also on all RHEL-8 branches, and enabled by the spectrev2 mitigation. I'm assuming that, based on that, the RHEL-8 trackers should be closed in the same way as the 9 trackers from comment #23?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2210536#c3

I mean "return stack buffer stuffing", sorry ...