{ "threat_severity" : "Moderate", "public_date" : "2022-08-09T06:30:00Z", "bugzilla" : { "description" : "hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions", "id" : "2115065", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2115065" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-200", "details" : [ "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.", "A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2022-11-02T00:00:00Z", "advisory" : "RHSA-2022:7338", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-1160.80.1.rt56.1225.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2022-11-02T00:00:00Z", "advisory" : "RHSA-2022:7337", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-1160.80.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7444", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-425.3.1.rt7.213.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7683", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-425.3.1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date" : "2023-01-24T00:00:00Z", "advisory" : "RHSA-2023:0440", "cpe" : "cpe:/o:redhat:rhel_eus:8.6", "package" : "kernel-0:4.18.0-372.41.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:7933", "cpe" : "cpe:/a:redhat:enterprise_linux:9::nfv", "package" : "kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8973", "cpe" : "cpe:/a:redhat:rhel_eus:9.0", "package" : "kernel-0:5.14.0-70.36.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date" : "2022-12-13T00:00:00Z", "advisory" : "RHSA-2022:8974", "cpe" : "cpe:/a:redhat:rhel_eus:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.36.1.rt21.108.el9_0" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date" : "2023-01-24T00:00:00Z", "advisory" : "RHSA-2023:0440", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package" : "kernel-0:4.18.0-372.41.1.el8_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-26373\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26373\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/post-barrier-return-stack-buffer-predictions.html" ], "name" : "CVE-2022-26373", "csaw" : false }