{
  "threat_severity" : "Moderate",
  "public_date" : "2022-07-12T00:00:00Z",
  "bugzilla" : {
    "description" : "hw: cpu: AMD: Branch Type Confusion (non-retbleed)",
    "id" : "2103153",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2103153"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.", "A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure." ],
  "acknowledgement" : "Red Hat would like to thank AMD for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-11-02T00:00:00Z",
    "advisory" : "RHSA-2022:7338",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1160.80.1.rt56.1225.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-11-02T00:00:00Z",
    "advisory" : "RHSA-2022:7337",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1160.80.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-10-25T00:00:00Z",
    "advisory" : "RHSA-2022:7134",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-372.32.1.rt7.189.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-10-25T00:00:00Z",
    "advisory" : "RHSA-2022:7110",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-372.32.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:7933",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9::nfv",
    "package" : "kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2022-12-13T00:00:00Z",
    "advisory" : "RHSA-2022:8973",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "kernel-0:5.14.0-70.36.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2022-12-13T00:00:00Z",
    "advisory" : "RHSA-2022:8974",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.36.1.rt21.108.el9_0"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2022-10-25T00:00:00Z",
    "advisory" : "RHSA-2022:7110",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "kernel-0:4.18.0-372.32.1.el8_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-23825\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23825\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037" ],
  "name" : "CVE-2022-23825",
  "csaw" : false
}