{ "threat_severity" : "Moderate", "public_date" : "2023-02-14T00:00:00Z", "bugzilla" : { "description" : "kernel: AMD: Cross-Thread Return Address Predictions", "id" : "2174765", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2174765" }, "cvss3" : { "cvss3_base_score" : "4.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "details" : [ "When SMT is enabled, certain AMD processors may speculatively execute instructions using a target\nfrom the sibling thread after an SMT mode switch potentially resulting in information disclosure.", "A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure." ], "statement" : "The Red Hat Enterprise Linux 8 and 9 are not affected if spectre_v2 mitigation enabled (and it is enabled by default).", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2023-11-21T00:00:00Z", "advisory" : "RHSA-2023:7370", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "kernel-0:5.14.0-284.40.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2023-11-21T00:00:00Z", "advisory" : "RHSA-2023:7379", "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.40.1.rt14.325.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-27672\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-27672\nhttps://kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045\nhttps://www.openwall.com/lists/oss-security/2023/02/14/4\nhttps://xenbits.xen.org/xsa/advisory-426.html" ], "name" : "CVE-2022-27672", "mitigation" : { "value" : "The current mitigations for spectre V4 (or spectre_v2) should mitigate this flaw, no additional steps will need to be taken.\nIn more details, according to the article \nhttps://kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html\nTwo mitigations are needed:\n1) Stuff the RSB during context switch which is already being done in RHEL8/RHEL9 as long as the spectre_v2 mitigation is active.\n2) For KVM, the mitigation for the KVM_CAP_X86_DISABLE_EXITS capability can be turned on using the boolean module parameter mitigate_smt_rsb, e.g. vm.mitigate_smt_rsb=1.\nThe command to check if mitigation is active:\ncat /sys/devices/system/cpu/vulnerabilities/spectre_v2", "lang" : "en:us" }, "csaw" : false }