oss-sec mailing list archives
Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 12 Jul 2022 21:34:30 +0200
Hi,

On Tue, Jul 12, 2022 at 09:27:07PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Tue, Jul 12, 2022 at 04:36:10PM +0000, Xen.org security team wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > Xen Security Advisory CVE-2022-23816,CVE-2022-23825,CVE-2022-29900 / XSA-407
> >
> > Retbleed - arbitrary speculative code execution with return instructions
> >
> > ISSUE DESCRIPTION
> > =================
> >
> > Researchers at ETH Zurich have discovered Retbleed, allowing for arbitrary speculative execution in a victim context.
> >
> > For more details, see: https://comsec.ethz.ch/retbleed
> >
> > ETH Zurich have allocated CVE-2022-29900 for AMD and CVE-2022-29901 for Intel.
> >
> > Despite the similar preconditions, these are very different microarchitectural behaviours between vendors.
> >
> > On AMD CPUs, Retbleed is one specific instance of a more general microarchitectural behaviour called Branch Type Confusion. AMD have assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type Confusion).
> >
> > For more details, see: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
>
> Is it confirmed that AMD is not using CVE-2022-29900? The above amd-sb-1037 references as well both CVE-2022-23825 (Branch Type Confusion) and CVE-2022-29900 (RETbleed), so I assume they agreed to use CVE-2022-29900 for retbleed?
>
> So should the Xen advisory as well use CVE-2022-23825,CVE-2022-29900 and CVE-2022-29901?

Never mind, I misunderstood the wording and the advisory just mentions all the related CVEs correctly and made a thinko. It might turn out that CVE-2022-23816 will not be used, but then the title would read only as

Xen Security Advisory CVE-2022-23825,CVE-2022-29900 / XSA-407

So please disregard the question above.

Salvatore