PT-2022-3604 · Intel+9 · Intel Microprocessors+9

Johannes Wikner

+1

·

Published

2022-06-27

·

Updated

2025-09-23

·

CVE-2022-29901

CVSS v3.1

6.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Intel microprocessor generations 6 through 8
Description The issue is related to errors in processing the ret instruction, which retrieves an address for transition from the stack. This can allow an attacker to disclose protected information from kernel memory or launch an attack on the host system from virtual machines. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Recommendations For Intel microprocessor generations 6 through 8, consider disabling the use of the ret instruction in sensitive code paths until a patch is available. Restrict access to kernel memory to minimize the risk of exploitation. As a temporary workaround, apply configuration changes to mitigate the risk of arbitrary speculative code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Exposure of Resource to Wrong Sphere

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-668CWE-200

Related Identifiers

ALSA-2022:7110
ALSA-2022:7134
ALSA-2022:7933
ALSA-2022:8267
ALT-PU-2022-2363
BDU:2022-04388
CESA-2022_7110
CESA-2022_7134
CVE-2022-29901
DLA-3102-1
DLA-3245-1
DSA-5207-1
MGASA-2022-0278
MGASA-2022-0279
OESA-2023-1187
OESA-2023-1197
OESA-2023-1210
OPENSUSE-SU-2022:2549-1
OPENSUSE-SU-2022_2376-1
OPENSUSE-SU-2022_2411-1
OPENSUSE-SU-2022_2422-1
OPENSUSE-SU-2022_2520-1
OPENSUSE-SU-2022_2549-1
OPENSUSE-SU-2022_2615-1
OPENSUSE-SU-2022_4616-1
OPENSUSE-SU-2024:12193-1
OPENSUSE-SU-2024:13704-1
OPENSUSE-SU-2025_1263-1
RHSA-2022:7110
RHSA-2022:7134
RHSA-2022:7337
RHSA-2022:7338
RHSA-2022:7933
RHSA-2022:8267
RHSA-2022:8973
RHSA-2022:8974
RHSA-2022_7110
RHSA-2022_7134
RHSA-2022_7337
RHSA-2022_7338
RHSA-2022_7933
RHSA-2022_8267
RLSA-2022:7110
RLSA-2022:7134
SUSE-SU-2022:2376-1
SUSE-SU-2022:2377-1
SUSE-SU-2022:2379-1
SUSE-SU-2022:2382-1
SUSE-SU-2022:2393-1
SUSE-SU-2022:2407-1
SUSE-SU-2022:2411-1
SUSE-SU-2022:2424-1
SUSE-SU-2022:2424-2
SUSE-SU-2022:2478-1
SUSE-SU-2022:2520-1
SUSE-SU-2022:2549-1
SUSE-SU-2022:2615-1
SUSE-SU-2022:2629-1
SUSE-SU-2022:2809-1
SUSE-SU-2022:4616-1
SUSE-SU-2023:0416-1
SUSE-SU-2025:03310-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025_03310-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1
USN-5564-1
USN-5565-1
USN-5566-1
USN-5728-1
USN-5728-2
USN-5728-3
USN-5854-1
USN-5861-1
USN-5862-1
USN-5865-1
USN-5883-1
USN-5924-1
USN-5975-1
USN-6007-1
USN-6221-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Intel Microprocessors
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu