Bug 1201457 (CVE-2022-23825) - VUL-0: CVE-2022-23825: kernel: AMD: Branch Type Confusion (non-retbleed)
Summary: VUL-0: CVE-2022-23825: kernel: AMD: Branch Type Confusion (non-retbleed)
Status: RESOLVED WONTFIX
Alias: CVE-2022-23825
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Borislav Petkov
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/336844/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-23825:5.6:(AV:...
Keywords:
Depends on: 1201469
Blocks:
  Show dependency treegraph
 
Reported: 2022-07-13 07:25 UTC by Marcus Meissner
Modified: 2022-08-11 10:25 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2022-07-13 07:25:50 UTC 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

This security bulletin addresses two issues related to CVE-2017-5715 previously known as Spectre Variant 2. As part of our efforts to continue improving security features, AMD has investigated additional issues related to CVE-2017-5715.  This security bulletin addresses subsequent potential issues.

CVE-2022-23825 (Branch Type Confusion)

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Comment 3 Thomas Leroy 2022-08-11 10:25:38 UTC 
Nothing we can do here. Closing.