CVE-2022-29901

MEDIUM | CVSS 6.5/10 | EPSS 4.95%

CVE-2022-29901 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. EPSS estimates a 4.95% chance of exploitation in the next 30 days.

Description

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Probability
4.95%

91.1th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Intel | Core I7-6500u Firmware | All versions
Intel | Core I7-6510u Firmware | All versions
Intel | Core I7-6560u Firmware | All versions
Intel | Core I7-6567u Firmware | All versions
Intel | Core I7-6600u Firmware | All versions
Intel | Core I7-6650u Firmware | All versions
Intel | Core I7-6660u Firmware | All versions
Intel | Core I7-6700 Firmware | All versions
Intel | Core I7-6700hq Firmware | All versions
Intel | Core I7-6700k Firmware | All versions
Intel | Core I7-6700t Firmware | All versions
Intel | Core I7-6700te Firmware | All versions
Intel | Core I7-6770hq Firmware | All versions
Intel | Core I7-6820eq Firmware | All versions
Intel | Core I7-6820hk Firmware | All versions
Intel | Core I7-6820hq Firmware | All versions
Intel | Core I7-6822eq Firmware | All versions
Intel | Core I7-6870hq Firmware | All versions
Intel | Core I7-6920hq Firmware | All versions
Intel | Core I7-6970hq Firmware | All versions
Intel | Core I7-8550u Firmware | All versions
Intel | Core I7-8559u Firmware | All versions
Intel | Core I7-8650u Firmware | All versions
Intel | Core I7-8700b Firmware | All versions
Intel | Core I7-8700k Firmware | All versions
Intel | Core I7-8705g Firmware | All versions
Intel | Core I7-8706g Firmware | All versions
Intel | Core I7-8709g Firmware | All versions
Intel | Core I7-8750h Firmware | All versions
Intel | Core I7-8809g Firmware | All versions
Intel | Core I7-8850h Firmware | All versions
Intel | Core I3-6100 Firmware | All versions
Intel | Core I3-6100e Firmware | All versions
Intel | Core I3-6100h Firmware | All versions
Intel | Core I3-6100t Firmware | All versions
Intel | Core I3-6100te Firmware | All versions
Intel | Core I3-6100u Firmware | All versions
Intel | Core I3-6102e Firmware | All versions
Intel | Core I3-6110u Firmware | All versions
Intel | Core I3-6120 Firmware | All versions
Intel | Core I3-6120t Firmware | All versions
Intel | Core I3-6167u Firmware | All versions
Intel | Core I3-6300 Firmware | All versions
Intel | Core I3-6300t Firmware | All versions
Intel | Core I3-6320 Firmware | All versions
Intel | Core I3-6320t Firmware | All versions
Intel | Core I3-8000 Firmware | All versions
Intel | Core I3-8000t Firmware | All versions
Intel | Core I3-8020 Firmware | All versions
Intel | Core I3-8100 Firmware | All versions

Showing 50 of 131 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2022-29901?
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
How severe is CVE-2022-29901?
CVE-2022-29901 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 4.95% probability of exploitation in the next 30 days.
How do I fix CVE-2022-29901?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST