CVE-2022-29901

NameCVE-2022-29901
DescriptionIntel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.235-1vulnerable
buster (security)4.19.249-2vulnerable
bullseye5.10.127-1vulnerable
bullseye (security)5.10.127-2vulnerable
bookworm, sid5.18.14-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)5.18.14-1

Notes

https://comsec.ethz.ch/research/microarch/retbleed/
https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html

Search for package or bug name: Reporting problems