CVE-2022-27672

NameCVE-2022-27672
DescriptionWhen SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1031567

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2vulnerable
buster (security)4.19.304-1vulnerable
bullseye5.10.209-2vulnerable
bullseye (security)5.10.205-2vulnerable
bookworm6.1.76-1fixed
bookworm (security)6.1.69-1fixed
sid, trixie6.6.15-2fixed
xen (PTS)buster, buster (security)4.11.4+107-gef32c7afa2-1fixed
bullseye4.14.6-1fixed
bullseye (security)4.14.5+94-ge49571868d-1fixed
bookworm4.17.3+10-g091466ba55-1~deb12u1fixed
sid, trixie4.17.3+10-g091466ba55-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)6.1.12-1
xensourcebuster(not affected)
xensourcebullseye(not affected)
xensource(unstable)4.17.0+46-gaaf74a532c-11031567

Notes

[bullseye] - xen <not-affected> (Vulnerable code not present)
[buster] - xen <not-affected> (Vulnerable code not present)
https://www.openwall.com/lists/oss-security/2023/02/14/4
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045
https://xenbits.xen.org/xsa/advisory-426.html
https://kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html

Search for package or bug name: Reporting problems