CVE-2022-29901
MEDIUMIntel Core i7 Firmware - Spectre Retpoline Bypass Exposes Sensitive Information
Title source: llmDescription
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
References (14)
Core 14
Core References
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2022/07/12/5
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2022/07/13/1
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202402-07
Various Sources
https://comsec.ethz.ch/retbleed
Various Sources
https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/
Vendor Advisory
https://security.netapp.com/advisory/ntap-20221007-0007/
Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5207
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2022/07/12/2
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2022/07/12/4
Scores
CVSS v3
5.6
EPSS
0.0007
EPSS Percentile
22.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-668
Status
published
Products (50)
debian/debian_linux
10.0
debian/debian_linux
11.0
fedoraproject/fedora
35
fedoraproject/fedora
36
intel/core_i3-6100_firmware
intel/core_i3-6100e_firmware
intel/core_i3-6100h_firmware
intel/core_i3-6100t_firmware
intel/core_i3-6100te_firmware
intel/core_i3-6100u_firmware
... and 40 more
Published
Jul 12, 2022
Tracked Since
Feb 18, 2026