Strix
26.1K

CVE-2022-29900

MEDIUMCVSS 6.5/10EPSS 3.80%

Last modified

CVE-2022-29900 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.. EPSS estimates a 3.80% chance of exploitation in the next 30 days.

Description

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Probability
3.80%

88.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DebianDebian Linux11.0
FedoraprojectFedora35
FedoraprojectFedora36
XenXenAll versions
AmdAthlon X4 750 FirmwareAll versions
AmdAthlon X4 760k FirmwareAll versions
AmdAthlon X4 830 FirmwareAll versions
AmdAthlon X4 835 FirmwareAll versions
AmdAthlon X4 840 FirmwareAll versions
AmdAthlon X4 845 FirmwareAll versions
AmdAthlon X4 860k FirmwareAll versions
AmdAthlon X4 870k FirmwareAll versions
AmdAthlon X4 880k FirmwareAll versions
AmdAthlon X4 940 FirmwareAll versions
AmdAthlon X4 950 FirmwareAll versions
AmdAthlon X4 970 FirmwareAll versions
AmdRyzen Threadripper Pro 3995wx FirmwareAll versions
AmdRyzen Threadripper Pro 3795wx FirmwareAll versions
AmdRyzen Threadripper Pro 3955wx FirmwareAll versions
AmdRyzen Threadripper Pro 3945wx FirmwareAll versions
AmdRyzen Threadripper Pro 5955wx FirmwareAll versions
AmdRyzen Threadripper Pro 5965wx FirmwareAll versions
AmdRyzen Threadripper Pro 5945wx FirmwareAll versions
AmdRyzen Threadripper Pro 5975wx FirmwareAll versions
AmdRyzen Threadripper Pro 5995wx FirmwareAll versions
AmdRyzen Threadripper 2990wx FirmwareAll versions
AmdRyzen Threadripper 2970wx FirmwareAll versions
AmdRyzen Threadripper 2950x FirmwareAll versions
AmdRyzen Threadripper 2920x FirmwareAll versions
AmdRyzen Threadripper 3990x FirmwareAll versions
AmdRyzen Threadripper 3970x FirmwareAll versions
AmdRyzen Threadripper 3960x FirmwareAll versions
AmdA12-9700p FirmwareAll versions
AmdA12-9730p FirmwareAll versions
AmdA10-9600p FirmwareAll versions
AmdA10-9630p FirmwareAll versions
AmdA9-9410 FirmwareAll versions
AmdA9-9420 FirmwareAll versions
AmdA6-9210 FirmwareAll versions
AmdA6-9220 FirmwareAll versions
AmdA6-9220c FirmwareAll versions
AmdA4-9120 FirmwareAll versions
AmdRyzen 3 2200u FirmwareAll versions
AmdRyzen 3 2300u FirmwareAll versions
AmdRyzen 5 2500u FirmwareAll versions
AmdRyzen 5 2600 FirmwareAll versions
AmdRyzen 5 2600h FirmwareAll versions
AmdRyzen 5 2600x FirmwareAll versions
AmdRyzen 5 2700 FirmwareAll versions
AmdRyzen 5 2700x FirmwareAll versions

Showing 50 of 127 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-29900?
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
How severe is CVE-2022-29900?
CVE-2022-29900 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 3.80% probability of exploitation in the next 30 days.
How do I fix CVE-2022-29900?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-29900?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST