CVE-2022-27672

4.7MEDIUM

Key Information:

Vendor
Amd
Status
1st Gen Amd Epyc™ Processors
2nd Gen Amd Epyc™ Processors
Athlon™ X4 Processor
Ryzen™ Threadripper™ Pro Processor
Vendor
CVE Published:
1 March 2023

Summary

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.

Affected Version(s)

1st Gen AMD EPYC™ Processors x86

2nd Gen AMD EPYC™ Processors x86

2nd Gen AMD Ryzen™ Threadripper™ Processors x86

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://security.gentoo.org/glsa/202402-07

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.