CVE-2022-27672

MEDIUM | CVSS 4.7/10 | EPSS 0.29%

CVE-2022-27672 is a medium-severity vulnerability rated 4.7/10 on the CVSS scale. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.

Metrics

CVSS 3.1
4.7/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.29%

20.5th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
AMD | Athlon X4 750 Firmware | All versions
AMD | Athlon X4 760k Firmware | All versions
AMD | Athlon X4 830 Firmware | All versions
AMD | Athlon X4 840 Firmware | All versions
AMD | Athlon X4 860k Firmware | All versions
AMD | Athlon X4 870k Firmware | All versions
AMD | Athlon X4 880k Firmware | All versions
AMD | Athlon X4 835 Firmware | All versions
AMD | Athlon X4 845 Firmware | All versions
AMD | Athlon X4 940 Firmware | All versions
AMD | Athlon X4 950 Firmware | All versions
AMD | Athlon X4 970 Firmware | All versions
AMD | Ryzen Threadripper Pro 5995wx Firmware | All versions
AMD | Ryzen Threadripper Pro 5975w Firmware | All versions
AMD | Ryzen Threadripper Pro 5965wx Firmware | All versions
AMD | Ryzen Threadripper Pro 5955wx Firmware | All versions
AMD | Ryzen Threadripper Pro 5945wx Firmware | All versions
AMD | Ryzen Threadripper 2990wx Firmware | All versions
AMD | Ryzen Threadripper 2970wx Firmware | All versions
AMD | Ryzen Threadripper 2950x Firmware | All versions
AMD | Ryzen Threadripper 2920x Firmware | All versions
AMD | Ryzen Threadripper 3960x Firmware | All versions
AMD | Ryzen Threadripper 3970x Firmware | All versions
AMD | Ryzen Threadripper 3990x Firmware | All versions
AMD | A12-9730p Firmware | All versions
AMD | A12-9700p Firmware | All versions
AMD | A10-9630p Firmware | All versions
AMD | A10-9600p Firmware | All versions
AMD | A9-9420 Firmware | All versions
AMD | A9-9410 Firmware | All versions
AMD | A6-9220 Firmware | All versions
AMD | A6-9220c Firmware | All versions
AMD | A6-9210 Firmware | All versions
AMD | A4-9120 Firmware | All versions
AMD | A4-9120c Firmware | All versions
AMD | Ryzen 7 2700x Firmware | All versions
AMD | Ryzen 7 2700 Firmware | All versions
AMD | Ryzen 5 2600x Firmware | All versions
AMD | Ryzen 5 2600 Firmware | All versions
AMD | Ryzen 3 1200 Firmware | All versions
AMD | Ryzen 3 2300x Firmware | All versions
AMD | Ryzen 5 1600 Af Firmware | All versions
AMD | Ryzen 5 2500x Firmware | All versions
AMD | Ryzen 7 2700e Firmware | All versions
AMD | Ryzen 3 3100 Firmware | All versions
AMD | Ryzen 3 3300x Firmware | All versions
AMD | Ryzen 5 3500 Firmware | All versions
AMD | Ryzen 5 3500x Firmware | All versions
AMD | Ryzen 5 3600 Firmware | All versions
AMD | Ryzen 5 3600x Firmware | All versions

Showing 50 of 165 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2022-27672?
When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.
How severe is CVE-2022-27672?
CVE-2022-27672 has a CVSS score of 4.7/10 (MEDIUM severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.
How do I fix CVE-2022-27672?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST