oss-sec mailing list archives

Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 12 Jul 2022 21:27:07 +0200

Hi,

On Tue, Jul 12, 2022 at 04:36:10PM +0000, Xen.org security team wrote:
>  Xen Security Advisory CVE-2022-23816,CVE-2022-23825,CVE-2022-29900 / XSA-407
> 
>    Retbleed - arbitrary speculative code execution with return instructions
> 
> ISSUE DESCRIPTION
> =================
> 
> Researchers at ETH Zurich have discovered Retbleed, allowing for
> arbitrary speculative execution in a victim context.
> 
> For more details, see:
>   https://comsec.ethz.ch/retbleed
> 
> ETH Zurich have allocated CVE-2022-29900 for AMD and CVE-2022-29901 for
> Intel.
> 
> Despite the similar preconditions, these are very different
> microarchitectural behaviours between vendors.
> 
> On AMD CPUs, Retbleed is one specific instance of a more general
> microarchitectural behaviour called Branch Type Confusion.  AMD have
> assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type
> Confusion).
> 
> For more details, see:
>   https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037

Is it confirmed that AMD is not using CVE-2022-29900? The above
amd-sb-1037 also references both CVE-2022-23825 (Branch Type
Confusion) and CVE-2022-29900 (RETbleed), so I assume they agreed to
use CVE-2022-29900 for Retbleed?

So should the Xen advisory also use CVE-2022-23825, CVE-2022-29900
and CVE-2022-29901?

Regards,
Salvatore
