BSA-2022-2013

Brocade Fabric OS

2 more products

21279

26 July 2022

26 July 2022

Closed

Medium

N/A

N/A

CVE-2022-29900 and CVE-2022-29901

Summary

Security Advisory ID: BSA-2022-2013

Component: RETBLEED

Revision: 1.0: Final

A research team in Switzerland has found a new variant of the speculative execution vulnerabilities affecting some Intel and AMD chips, known as RETBLEED.

Retbleed (CVE-2022-29900 and CVE-2022-29901) is the new addition to the family of speculative execution attacks that exploit branch target injection to leak information, which we call Spectre-BTI. Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions. More at https://comsec.ethz.ch/research/microarch/retbleed/

  • CVE-2022-29900

AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N: 6.5 Medium

  • CVE-2022-29901

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N: 5.6 Medium

Products Confirmed Not Vulnerable

No Brocade Fibre Channel products from Broadcom are currently known to be affected by RETBLEED.

Note

Brocade Manageability and Brocade ASCG products are not vulnerable to RETBLEED. However, since the environment that runs these products is not under Brocade's control, Brocade recommends that customers apply the vendors' recommendations.
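
For Linux hosts that run the management software, the kernel's own Retbleed report can be checked as follows. This is an added example, not Broadcom's code; it assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/retbleed`, the function names are illustrative, and only the AMD family range stated above is matched (Intel generations are not mapped).

```shell
#!/bin/sh
# Added example: report a Linux host's Retbleed status from the kernel's own view.
# Assumes the kernel exposes the sysfs file below; function names are illustrative.
SYSFS_RETBLEED=/sys/devices/system/cpu/vulnerabilities/retbleed

# Map the kernel's status line to: not_affected | mitigated | vulnerable | unknown
classify_retbleed_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Succeeds if the cpuinfo file describes an AMD CPU of family 15h-18h
# (decimal 21-24), the range the advisory lists for CVE-2022-29900.
amd_family_in_scope() {
    vendor=$(awk -F': *' '/^vendor_id/ {print $2; exit}' "$1")
    family=$(awk -F': *' '/^cpu family/ {print $2; exit}' "$1")
    [ "$vendor" = "AuthenticAMD" ] || return 1
    [ -n "$family" ] && [ "$family" -ge 21 ] && [ "$family" -le 24 ]
}

# Print one line: "<cpu scope> <kernel status>". Paths are parameters so the
# function can also be run against copies of the files saved from other hosts.
retbleed_report() {
    cpuinfo=${1:-/proc/cpuinfo}
    sysfs=${2:-$SYSFS_RETBLEED}
    if amd_family_in_scope "$cpuinfo"; then scope=amd_15h_18h; else scope=other_cpu; fi
    if [ -r "$sysfs" ]; then
        status=$(classify_retbleed_status "$(head -n 1 "$sysfs")")
    else
        # Kernels that predate the Retbleed patches do not have this file.
        status=unknown
    fi
    echo "$scope $status"
}

# Check the live host only when asked to: sh retbleed_check.sh --live
if [ "${1:-}" = "--live" ]; then retbleed_report; fi
```

A result of `unknown` means the kernel does not report on Retbleed at all, which usually indicates that the operating system vendor's update has not been applied.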

Revision History

| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | Jul 26, 2022 |