CVE-2022-23825

MEDIUM

AMD Processors - Info Disclosure

Title source: llm

Description

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

References (9)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/11/08/1

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/11/10/2

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5184

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/

[Third Party Advisory] https://security.gentoo.org/glsa/202402-07

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (50)

debian/debian_linux

fedoraproject/fedora

fedoraproject/fedora

amd/athlon_x4_750_firmware

amd/athlon_x4_760k_firmware

amd/athlon_x4_830_firmware

amd/athlon_x4_835_firmware

amd/athlon_x4_840_firmware

amd/athlon_x4_845_firmware

amd/athlon_x4_860k_firmware

amd/athlon_x4_870k_firmware

amd/athlon_x4_880k_firmware

amd/athlon_x4_940_firmware

amd/athlon_x4_950_firmware

amd/athlon_x4_970_firmware

... and 35 more

Timeline

Published Jul 14, 2022

Tracked Since Feb 18, 2026