CVE-2022-29901

Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)

CVSS 5.6 MEDIUM | EPSS 4.9% | CWE-200
In short

A vulnerability in Intel processors allows attackers to leak sensitive data from the computer's memory through a technique that exploits how processors handle return instructions. An unprivileged user can trigger this flaw to access confidential information like passwords or encryption keys.

Technical detail

This Spectre variant (Retbleed) bypasses retpoline mitigations on Intel microprocessors (generations 6-8) by hijacking return instructions to achieve speculative code execution. An unprivileged local attacker can leak arbitrary kernel or process memory by manipulating return address prediction under specific microarchitecture conditions, resulting in information disclosure.

Summary generated and translated by AI from the official description.
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
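
A defender-side check for the exposure described above, added here as an example and not part of the original advisory: it classifies the Retbleed status line that Linux kernels with Retbleed reporting expose under sysfs. The function names, the `--check` argument and the verdict labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the kernel's reported Retbleed mitigation status.
# Assumption: a Linux kernel recent enough to expose the sysfs file below;
# older kernels lack it, which is reported as "unknown" rather than as safe.
RETBLEED_SYSFS="${RETBLEED_SYSFS:-/sys/devices/system/cpu/vulnerabilities/retbleed}"

# classify_retbleed STATUS_LINE
# Prints: not-affected | mitigated | partial | vulnerable | unknown
classify_retbleed() {
    case "$1" in
        "Not affected"*)     echo "not-affected" ;;
        *"SMT vulnerable"*)  echo "partial" ;;   # mitigation on, sibling threads still exposed
        "Mitigation:"*)      echo "mitigated" ;;
        "Vulnerable"*)       echo "vulnerable" ;;
        *)                   echo "unknown" ;;
    esac
}

# retbleed_report [PATH]
# Prints "<verdict>: <status line>". Returns 0 when not affected or mitigated,
# 1 when vulnerable or only partly mitigated, 2 when the status cannot be read.
# PATH may point at a copy of the sysfs file collected from another host.
retbleed_report() {
    path="${1:-$RETBLEED_SYSFS}"
    if [ ! -r "$path" ]; then
        echo "unknown: $path not readable (kernel may predate Retbleed reporting)"
        return 2
    fi
    line=$(head -n 1 "$path")
    verdict=$(classify_retbleed "$line")
    echo "$verdict: $line"
    case "$verdict" in
        not-affected|mitigated) return 0 ;;
        vulnerable|partial)     return 1 ;;
        *)                      return 2 ;;
    esac
}

# Run against the local host only when invoked with --check.
if [ "${1:-}" = "--check" ]; then
    retbleed_report
    exit $?
fi
```

The non-zero return codes make the function usable in fleet inventory or CI jobs, where a missing status file should be flagged for follow-up instead of being counted as patched.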
