CVE-2022-29900

MEDIUM

AMD APU Firmware - Arbitrary Speculative Code Execution

Title source: llm

Description

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

References (6)

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/

[Mailing List] https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html

[Third Party Advisory] https://security.gentoo.org/glsa/202402-07

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

[Various Sources] https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5207

Scores

CVSS v3 6.5

EPSS 0.0141

EPSS Percentile 80.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-212

Status published

Products (50)

amd/a10-9600p_firmware

amd/a10-9630p_firmware

amd/a12-9700p_firmware

amd/a12-9730p_firmware

amd/a4-9120_firmware

amd/a6-9210_firmware

amd/a6-9220_firmware

amd/a6-9220c_firmware

amd/a9-9410_firmware

amd/a9-9420_firmware

... and 40 more

Published Jul 12, 2022

Tracked Since Feb 18, 2026