Bug 2119127 (CVE-2022-23824) - CVE-2022-23824 hw: cpu: AMD: IBPB and Return Address Predictor Interactions
Summary: CVE-2022-23824 hw: cpu: AMD: IBPB and Return Address Predictor Interactions
Keywords:
Status: NEW
Alias: CVE-2022-23824
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2141263 2141274 2141275 2141276 2141277 2141279 2141280 2141281 2141282 2141283 2141284 2141285 2141286 2141287 2141288 2141289 2141290 2141291 2141293 2141294 2141295 2141297 2141298 2141273 2141278 2141292 2141296
Blocks: 2097540
 
Reported: 2022-08-17 15:41 UTC by Alex
Modified: 2022-12-31 23:35 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in hw. AMD CPUs can be attacked in a manner similar to the previously known Spectre Variant 2 (CVE-2017-5715). This issue affects AMD CPUs where the OS relies on IBPB to flush the return address predictor. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
Clone Of:
Environment:
Last Closed: 2022-11-09 10:37:16 UTC



Description Alex 2022-08-17 15:41:12 UTC
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

This issue (CVE-2022-23824 or AMD-SN-1040) is related to CVE-2017-5715, previously known as Spectre Variant 2. As part of our efforts to continue improving security features, AMD has investigated issues related to CVE-2017-5715 in recent months. Previously notified of one of the potential issues related to CVE-2017-5715 (in AMD-SN-1036). In some situations, IBPB may fail to prevent return branch predictions from being specified by pre-IBPB branch targets, leading to potential information disclosure.

Reference:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
https://www.amd.com/system/files/documents/software-techniques-for-managing-speculation.pdf
https://access.redhat.com/security/vulnerabilities/speculativeexecution

Comment 5 Alex 2022-11-09 11:14:53 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2141263]

