Bug 1201457 (CVE-2022-23825)

Summary: VUL-0: CVE-2022-23825: kernel: AMD: Branch Type Confusion (non-retbleed)
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Borislav Petkov <bpetkov>
Status: RESOLVED WONTFIX QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team, thomas.leroy, tiwai
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/336844/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-23825:5.6:(AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 1201469    
Bug Blocks:    

Description Marcus Meissner 2022-07-13 07:25:50 UTC 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

This security bulletin addresses two issues related to CVE-2017-5715 previously known as Spectre Variant 2. As part of our efforts to continue improving security features, AMD has investigated additional issues related to CVE-2017-5715.  This security bulletin addresses subsequent potential issues.

CVE-2022-23825 (Branch Type Confusion)

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Comment 3 Thomas Leroy 2022-08-11 10:25:38 UTC 
Nothing we can do here. Closing.