Search criteria
8 vulnerabilities found for CPU by AMD
VAR-202311-1187
Vulnerability from variot - Updated: 2025-12-19 22:58Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. AMD CPUs are a series of CPUs from AMD Inc.
AMD CPUs contain a misguided instruction vulnerability.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0753.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Moderate: linux-firmware security update Advisory ID: RHSA-2024:0753-03 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2024:0753 Issue date: 2024-02-09 Revision: 03 CVE Names: CVE-2023-20592 ====================================================================
Summary:
An update for linux-firmware is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.
Security Fix(es):
- (RCVE-2023-20592)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2023-20592
References:
https://access.redhat.com/security/updates/classification/#moderate https://bugzilla.redhat.com/show_bug.cgi?id=2244590
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202311-1187",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epyc 7402p",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7f32",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7281",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7f52",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7601",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7282",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7h12",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7643p",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7532",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 75f3",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 73f3",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7313p",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7502p",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7313",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7401p",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 74f3",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7252",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7552",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7443",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7303",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7502",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7303p",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7551",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7413",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7262",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7373x",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7351",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7542",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7302",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7473x",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7551p",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7663",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 72f3",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7272",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7203p",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7662",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7251",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7402",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7302p",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7713p",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7643",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7452",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7713",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7642",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7501",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7351p",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7371",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7763",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7451",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7513",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7261",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7f72",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7453",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7443p",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7343",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7702",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7203",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7401",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7742",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7001",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7773x",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7573x",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7352",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7663p",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7543",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "epyc 7232p",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7301",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7702p",
"scope": "eq",
"trust": 1.0,
"vendor": "amd",
"version": null
},
{
"model": "epyc 7543p",
"scope": "lt",
"trust": 1.0,
"vendor": "amd",
"version": "milanpi_1.0.0.c"
},
{
"model": "cpu",
"scope": null,
"trust": 0.6,
"vendor": "amd",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29751"
},
{
"db": "NVD",
"id": "CVE-2023-20592"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "177057"
},
{
"db": "PACKETSTORM",
"id": "177305"
},
{
"db": "PACKETSTORM",
"id": "177304"
}
],
"trust": 0.3
},
"cve": "CVE-2023-20592",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-29751",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2023-20592",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-20592",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2025-29751",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29751"
},
{
"db": "NVD",
"id": "CVE-2023-20592"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. AMD CPUs are a series of CPUs from AMD Inc. \n\nAMD CPUs contain a misguided instruction vulnerability. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0753.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Moderate: linux-firmware security update\nAdvisory ID: RHSA-2024:0753-03\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2024:0753\nIssue date: 2024-02-09\nRevision: 03\nCVE Names: CVE-2023-20592\n====================================================================\n\nSummary: \n\nAn update for linux-firmware is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nThe linux-firmware packages contain all of the firmware files that are required by various devices to operate. \n\nSecurity Fix(es):\n\n* (RCVE-2023-20592)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2023-20592\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2244590\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20592"
},
{
"db": "CNVD",
"id": "CNVD-2025-29751"
},
{
"db": "VULMON",
"id": "CVE-2023-20592"
},
{
"db": "PACKETSTORM",
"id": "177057"
},
{
"db": "PACKETSTORM",
"id": "177305"
},
{
"db": "PACKETSTORM",
"id": "177304"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-20592",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2025-29751",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-20592",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "177057",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "177305",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "177304",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29751"
},
{
"db": "VULMON",
"id": "CVE-2023-20592"
},
{
"db": "PACKETSTORM",
"id": "177057"
},
{
"db": "PACKETSTORM",
"id": "177305"
},
{
"db": "PACKETSTORM",
"id": "177304"
},
{
"db": "NVD",
"id": "CVE-2023-20592"
}
]
},
"id": "VAR-202311-1187",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29751"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29751"
}
]
},
"last_update_date": "2025-12-19T22:58:13.256000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for AMD CPU Instruction Misconception",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/777111"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/cispa/CacheWarp "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29751"
},
{
"db": "VULMON",
"id": "CVE-2023-20592"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20592"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-3005"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20592"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244590"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://github.com/cispa/cachewarp"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:0753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0753.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:0979"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0979.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:0978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0978.json"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29751"
},
{
"db": "VULMON",
"id": "CVE-2023-20592"
},
{
"db": "PACKETSTORM",
"id": "177057"
},
{
"db": "PACKETSTORM",
"id": "177305"
},
{
"db": "PACKETSTORM",
"id": "177304"
},
{
"db": "NVD",
"id": "CVE-2023-20592"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-29751"
},
{
"db": "VULMON",
"id": "CVE-2023-20592"
},
{
"db": "PACKETSTORM",
"id": "177057"
},
{
"db": "PACKETSTORM",
"id": "177305"
},
{
"db": "PACKETSTORM",
"id": "177304"
},
{
"db": "NVD",
"id": "CVE-2023-20592"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29751"
},
{
"date": "2023-11-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-20592"
},
{
"date": "2024-02-09T16:35:56",
"db": "PACKETSTORM",
"id": "177057"
},
{
"date": "2024-02-27T14:57:53",
"db": "PACKETSTORM",
"id": "177305"
},
{
"date": "2024-02-27T14:57:45",
"db": "PACKETSTORM",
"id": "177304"
},
{
"date": "2023-11-14T19:15:16.030000",
"db": "NVD",
"id": "CVE-2023-20592"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29751"
},
{
"date": "2023-11-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-20592"
},
{
"date": "2023-11-28T18:04:11.733000",
"db": "NVD",
"id": "CVE-2023-20592"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AMD CPU Instruction Misconception",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29751"
}
],
"trust": 0.6
}
}
VAR-202511-2375
Vulnerability from variot - Updated: 2025-12-19 22:50Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values. AMD CPUs are a series of CPUs manufactured by AMD.
AMD CPUs have a vulnerability due to improper entropy handling; detailed vulnerability information is not currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-2375",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpu",
"scope": null,
"trust": 0.6,
"vendor": "amd",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29745"
}
]
},
"cve": "CVE-2025-62626",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2025-29745",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "psirt@amd.com",
"id": "CVE-2025-62626",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-29745",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29745"
},
{
"db": "NVD",
"id": "CVE-2025-62626"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values. AMD CPUs are a series of CPUs manufactured by AMD. \n\nAMD CPUs have a vulnerability due to improper entropy handling; detailed vulnerability information is not currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-62626"
},
{
"db": "CNVD",
"id": "CNVD-2025-29745"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-62626",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-29745",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29745"
},
{
"db": "NVD",
"id": "CVE-2025-62626"
}
]
},
"id": "VAR-202511-2375",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29745"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29745"
}
]
},
"last_update_date": "2025-12-19T22:50:29.181000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for AMD CPU entropy handling vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/777091"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-333",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-62626"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-62626"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29745"
},
{
"db": "NVD",
"id": "CVE-2025-62626"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-29745"
},
{
"db": "NVD",
"id": "CVE-2025-62626"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29745"
},
{
"date": "2025-11-21T19:16:02.633000",
"db": "NVD",
"id": "CVE-2025-62626"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29745"
},
{
"date": "2025-11-25T22:16:42.557000",
"db": "NVD",
"id": "CVE-2025-62626"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AMD CPU entropy handling vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29745"
}
],
"trust": 0.6
}
}
VAR-202511-2429
Vulnerability from variot - Updated: 2025-12-19 22:44A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. AMD CPUs are a series of CPUs from AMD Inc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-2429",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpu",
"scope": null,
"trust": 0.6,
"vendor": "amd",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29746"
}
]
},
"cve": "CVE-2025-29934",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CNVD-2025-29746",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:M/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "psirt@amd.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2025-29934",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "psirt@amd.com",
"id": "CVE-2025-29934",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2025-29746",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29746"
},
{
"db": "NVD",
"id": "CVE-2025-29934"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. AMD CPUs are a series of CPUs from AMD Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-29934"
},
{
"db": "CNVD",
"id": "CNVD-2025-29746"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-29934",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2025-29746",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29746"
},
{
"db": "NVD",
"id": "CVE-2025-29934"
}
]
},
"id": "VAR-202511-2429",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29746"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29746"
}
]
},
"last_update_date": "2025-12-19T22:44:10.458000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for AMD CPUs have an unknown vulnerability.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/777096"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29746"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-459",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-29934"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3029.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-29934"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29746"
},
{
"db": "NVD",
"id": "CVE-2025-29934"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-29746"
},
{
"db": "NVD",
"id": "CVE-2025-29934"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29746"
},
{
"date": "2025-11-21T19:15:47.847000",
"db": "NVD",
"id": "CVE-2025-29934"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29746"
},
{
"date": "2025-11-25T22:16:42.557000",
"db": "NVD",
"id": "CVE-2025-29934"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AMD CPUs have an unknown vulnerability.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29746"
}
],
"trust": 0.6
}
}
VAR-202403-0812
Vulnerability from variot - Updated: 2025-12-19 21:25A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. Security researchers have labeled this variant of the Spectre v1 vulnerability “GhostRace", for ease of communication.CVE-2024-2193 AffectedCVE-2024-2193 Affected. AMD CPUs are a series of CPUs manufactured by AMD.
AMD CPUs contain a race condition vulnerability. This vulnerability stems from improper handling of concurrent access when concurrent code needs to access shared resources mutually exclusively during network system or product operation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202409-10
https://security.gentoo.org/
Severity: Normal Title: Xen: Multiple Vulnerabilities Date: September 22, 2024 Bugs: #918669, #921355, #923741, #928620, #929038 ID: 202409-10
Synopsis
Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation.
Background
Xen is a bare-metal hypervisor.
Affected packages
Package Vulnerable Unaffected
app-emulation/xen < 4.17.4 >= 4.17.4
Description
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Xen users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.17.4"
References
[ 1 ] CVE-2022-4949 https://nvd.nist.gov/vuln/detail/CVE-2022-4949 [ 2 ] CVE-2022-42336 https://nvd.nist.gov/vuln/detail/CVE-2022-42336 [ 3 ] CVE-2023-28746 https://nvd.nist.gov/vuln/detail/CVE-2023-28746 [ 4 ] CVE-2023-34319 https://nvd.nist.gov/vuln/detail/CVE-2023-34319 [ 5 ] CVE-2023-34320 https://nvd.nist.gov/vuln/detail/CVE-2023-34320 [ 6 ] CVE-2023-34321 https://nvd.nist.gov/vuln/detail/CVE-2023-34321 [ 7 ] CVE-2023-34322 https://nvd.nist.gov/vuln/detail/CVE-2023-34322 [ 8 ] CVE-2023-34323 https://nvd.nist.gov/vuln/detail/CVE-2023-34323 [ 9 ] CVE-2023-34324 https://nvd.nist.gov/vuln/detail/CVE-2023-34324 [ 10 ] CVE-2023-34325 https://nvd.nist.gov/vuln/detail/CVE-2023-34325 [ 11 ] CVE-2023-34327 https://nvd.nist.gov/vuln/detail/CVE-2023-34327 [ 12 ] CVE-2023-34328 https://nvd.nist.gov/vuln/detail/CVE-2023-34328 [ 13 ] CVE-2023-46835 https://nvd.nist.gov/vuln/detail/CVE-2023-46835 [ 14 ] CVE-2023-46836 https://nvd.nist.gov/vuln/detail/CVE-2023-46836 [ 15 ] CVE-2023-46837 https://nvd.nist.gov/vuln/detail/CVE-2023-46837 [ 16 ] CVE-2023-46839 https://nvd.nist.gov/vuln/detail/CVE-2023-46839 [ 17 ] CVE-2023-46840 https://nvd.nist.gov/vuln/detail/CVE-2023-46840 [ 18 ] CVE-2023-46841 https://nvd.nist.gov/vuln/detail/CVE-2023-46841 [ 19 ] CVE-2023-46842 https://nvd.nist.gov/vuln/detail/CVE-2023-46842 [ 20 ] CVE-2024-2193 https://nvd.nist.gov/vuln/detail/CVE-2024-2193 [ 21 ] CVE-2024-31142 https://nvd.nist.gov/vuln/detail/CVE-2024-31142 [ 22 ] XSA-431 https://xenbits.xen.org/xsa/advisory-431.html [ 23 ] XSA-432 https://xenbits.xen.org/xsa/advisory-432.html [ 24 ] XSA-436 https://xenbits.xen.org/xsa/advisory-436.html [ 25 ] XSA-437 https://xenbits.xen.org/xsa/advisory-437.html [ 26 ] XSA-438 https://xenbits.xen.org/xsa/advisory-438.html [ 27 ] XSA-439 https://xenbits.xen.org/xsa/advisory-439.html [ 28 ] XSA-440 https://xenbits.xen.org/xsa/advisory-440.html [ 29 ] XSA-441 https://xenbits.xen.org/xsa/advisory-441.html [ 30 ] XSA-442 https://xenbits.xen.org/xsa/advisory-442.html [ 31 ] XSA-447 https://xenbits.xen.org/xsa/advisory-447.html [ 32 ] XSA-449 https://xenbits.xen.org/xsa/advisory-449.html [ 33 ] XSA-450 https://xenbits.xen.org/xsa/advisory-450.html [ 34 ] XSA-451 https://xenbits.xen.org/xsa/advisory-451.html [ 35 ] XSA-452 https://xenbits.xen.org/xsa/advisory-452.html [ 36 ] XSA-453 https://xenbits.xen.org/xsa/advisory-453.html [ 37 ] XSA-454 https://xenbits.xen.org/xsa/advisory-454.html [ 38 ] XSA-455 https://xenbits.xen.org/xsa/advisory-455.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202409-10
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-0812",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpu",
"scope": null,
"trust": 0.6,
"vendor": "amd",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29750"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Statement Date:\u00a0\u00a0 March 01, 2024",
"sources": [
{
"db": "CERT/CC",
"id": "VU#488902"
}
],
"trust": 0.8
},
"cve": "CVE-2024-2193",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.2,
"id": "CNVD-2025-29750",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:M/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"id": "CVE-2024-2193",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-2193",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2025-29750",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29750"
},
{
"db": "NVD",
"id": "CVE-2024-2193"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. Security researchers have labeled this variant of the Spectre v1 vulnerability \u201cGhostRace\", for ease of communication.CVE-2024-2193 AffectedCVE-2024-2193 Affected. AMD CPUs are a series of CPUs manufactured by AMD. \n\nAMD CPUs contain a race condition vulnerability. This vulnerability stems from improper handling of concurrent access when concurrent code needs to access shared resources mutually exclusively during network system or product operation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202409-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Xen: Multiple Vulnerabilities\n Date: September 22, 2024\n Bugs: #918669, #921355, #923741, #928620, #929038\n ID: 202409-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in Xen, the worst of which\ncould lead to privilege escalation. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n----------------- ------------ ------------\napp-emulation/xen \u003c 4.17.4 \u003e= 4.17.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.17.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-4949\n https://nvd.nist.gov/vuln/detail/CVE-2022-4949\n[ 2 ] CVE-2022-42336\n https://nvd.nist.gov/vuln/detail/CVE-2022-42336\n[ 3 ] CVE-2023-28746\n https://nvd.nist.gov/vuln/detail/CVE-2023-28746\n[ 4 ] CVE-2023-34319\n https://nvd.nist.gov/vuln/detail/CVE-2023-34319\n[ 5 ] CVE-2023-34320\n https://nvd.nist.gov/vuln/detail/CVE-2023-34320\n[ 6 ] CVE-2023-34321\n https://nvd.nist.gov/vuln/detail/CVE-2023-34321\n[ 7 ] CVE-2023-34322\n https://nvd.nist.gov/vuln/detail/CVE-2023-34322\n[ 8 ] CVE-2023-34323\n https://nvd.nist.gov/vuln/detail/CVE-2023-34323\n[ 9 ] CVE-2023-34324\n https://nvd.nist.gov/vuln/detail/CVE-2023-34324\n[ 10 ] CVE-2023-34325\n https://nvd.nist.gov/vuln/detail/CVE-2023-34325\n[ 11 ] CVE-2023-34327\n https://nvd.nist.gov/vuln/detail/CVE-2023-34327\n[ 12 ] CVE-2023-34328\n https://nvd.nist.gov/vuln/detail/CVE-2023-34328\n[ 13 ] CVE-2023-46835\n https://nvd.nist.gov/vuln/detail/CVE-2023-46835\n[ 14 ] CVE-2023-46836\n https://nvd.nist.gov/vuln/detail/CVE-2023-46836\n[ 15 ] CVE-2023-46837\n https://nvd.nist.gov/vuln/detail/CVE-2023-46837\n[ 16 ] CVE-2023-46839\n https://nvd.nist.gov/vuln/detail/CVE-2023-46839\n[ 17 ] CVE-2023-46840\n https://nvd.nist.gov/vuln/detail/CVE-2023-46840\n[ 18 ] CVE-2023-46841\n https://nvd.nist.gov/vuln/detail/CVE-2023-46841\n[ 19 ] CVE-2023-46842\n https://nvd.nist.gov/vuln/detail/CVE-2023-46842\n[ 20 ] CVE-2024-2193\n https://nvd.nist.gov/vuln/detail/CVE-2024-2193\n[ 21 ] CVE-2024-31142\n https://nvd.nist.gov/vuln/detail/CVE-2024-31142\n[ 22 ] XSA-431\n https://xenbits.xen.org/xsa/advisory-431.html\n[ 23 ] XSA-432\n https://xenbits.xen.org/xsa/advisory-432.html\n[ 24 ] XSA-436\n https://xenbits.xen.org/xsa/advisory-436.html\n[ 25 ] XSA-437\n https://xenbits.xen.org/xsa/advisory-437.html\n[ 26 ] XSA-438\n https://xenbits.xen.org/xsa/advisory-438.html\n[ 27 ] XSA-439\n https://xenbits.xen.org/xsa/advisory-439.html\n[ 28 ] XSA-440\n https://xenbits.xen.org/xsa/advisory-440.html\n[ 29 ] XSA-441\n https://xenbits.xen.org/xsa/advisory-441.html\n[ 30 ] XSA-442\n https://xenbits.xen.org/xsa/advisory-442.html\n[ 31 ] XSA-447\n https://xenbits.xen.org/xsa/advisory-447.html\n[ 32 ] XSA-449\n https://xenbits.xen.org/xsa/advisory-449.html\n[ 33 ] XSA-450\n https://xenbits.xen.org/xsa/advisory-450.html\n[ 34 ] XSA-451\n https://xenbits.xen.org/xsa/advisory-451.html\n[ 35 ] XSA-452\n https://xenbits.xen.org/xsa/advisory-452.html\n[ 36 ] XSA-453\n https://xenbits.xen.org/xsa/advisory-453.html\n[ 37 ] XSA-454\n https://xenbits.xen.org/xsa/advisory-454.html\n[ 38 ] XSA-455\n https://xenbits.xen.org/xsa/advisory-455.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202409-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-2193"
},
{
"db": "CERT/CC",
"id": "VU#488902"
},
{
"db": "CNVD",
"id": "CNVD-2025-29750"
},
{
"db": "PACKETSTORM",
"id": "181717"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-2193",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#488902",
"trust": 2.4
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2024/03/12/14",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2025-29750",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "177568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "181717",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#488902"
},
{
"db": "CNVD",
"id": "CNVD-2025-29750"
},
{
"db": "PACKETSTORM",
"id": "177568"
},
{
"db": "PACKETSTORM",
"id": "181717"
},
{
"db": "NVD",
"id": "CVE-2024-2193"
}
]
},
"id": "VAR-202403-0812",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29750"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29750"
}
]
},
"last_update_date": "2025-12-19T21:25:15.264000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-2193"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://xenbits.xen.org/xsa/advisory-453.html"
},
{
"trust": 1.6,
"url": "https://kb.cert.org/vuls/id/488902"
},
{
"trust": 1.0,
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zon4tlxg7tg4a2xzg563jmvtgqw4sf3a/"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eiuicu6cvjuib6bpj7p5qtpqr5vobhfk/"
},
{
"trust": 1.0,
"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h63lgaqxpevjoes73u4xk65i6dasoaag/"
},
{
"trust": 1.0,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"trust": 1.0,
"url": "https://www.kb.cert.org/vuls/id/488902"
},
{
"trust": 1.0,
"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf"
},
{
"trust": 1.0,
"url": "https://www.vusec.net/projects/ghostrace/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-2193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-46841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34324"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-455.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28746"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202409-10"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-449.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34327"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34319"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-452.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-46837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-46840"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-447.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34321"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-31142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-46835"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-46836"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-440.html"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-438.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34320"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-442.html"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-432.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-46839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-46842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34322"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-436.html"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-450.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34325"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-441.html"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-439.html"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-454.html"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-437.html"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-431.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34328"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34323"
},
{
"trust": 0.1,
"url": "https://xenbits.xen.org/xsa/advisory-451.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-29750"
},
{
"db": "PACKETSTORM",
"id": "177568"
},
{
"db": "PACKETSTORM",
"id": "181717"
},
{
"db": "NVD",
"id": "CVE-2024-2193"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#488902"
},
{
"db": "CNVD",
"id": "CNVD-2025-29750"
},
{
"db": "PACKETSTORM",
"id": "177568"
},
{
"db": "PACKETSTORM",
"id": "181717"
},
{
"db": "NVD",
"id": "CVE-2024-2193"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-03-14T00:00:00",
"db": "CERT/CC",
"id": "VU#488902"
},
{
"date": "2025-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29750"
},
{
"date": "2024-03-13T15:32:11",
"db": "PACKETSTORM",
"id": "177568"
},
{
"date": "2024-09-23T14:27:44",
"db": "PACKETSTORM",
"id": "181717"
},
{
"date": "2024-03-15T18:15:08.530000",
"db": "NVD",
"id": "CVE-2024-2193"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-03-15T00:00:00",
"db": "CERT/CC",
"id": "VU#488902"
},
{
"date": "2025-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-29750"
},
{
"date": "2025-04-30T23:16:01.667000",
"db": "NVD",
"id": "CVE-2024-2193"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions",
"sources": [
{
"db": "CERT/CC",
"id": "VU#488902"
}
],
"trust": 0.8
}
}
CVE-2024-2193 (GCVE-0-2024-2193)
Vulnerability from nvd – Published: 2024-03-15 18:03 – Updated: 2025-04-30 23:03
VLAI?
Title
Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
Summary
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
Severity ?
5.7 (Medium)
CWE
Assigner
References
Impacted products
Credits
Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T15:31:03.336472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:10:13.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-30T23:03:28.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/488902"
},
{
"tags": [
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-453.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vusec.net/projects/ghostrace/"
},
{
"tags": [
"x_transferred"
],
"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"tags": [
"x_transferred"
],
"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/488902"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-453.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPU",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "See advisory AMD-SB-7016"
}
]
},
{
"product": "Xen",
"vendor": "Xen",
"versions": [
{
"status": "affected",
"version": "consult Xen advisory XSA-453"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T17:10:43.337Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/488902"
},
{
"url": "https://xenbits.xen.org/xsa/advisory-453.html"
},
{
"url": "https://www.vusec.net/projects/ghostrace/"
},
{
"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/488902"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.",
"x_generator": {
"engine": "VINCE 2.1.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2193"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-2193",
"datePublished": "2024-03-15T18:03:32.844Z",
"dateReserved": "2024-03-05T15:11:04.573Z",
"dateUpdated": "2025-04-30T23:03:28.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26400 (GCVE-0-2021-26400)
Vulnerability from nvd – Published: 2022-05-11 16:36 – Updated: 2024-09-17 04:05
VLAI?
Summary
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor All Supported Processors
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor All Supported Processors"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:36:21",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:30:00.000Z",
"ID": "CVE-2021-26400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Processor",
"version_value": "All Supported Processors"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26400",
"datePublished": "2022-05-11T16:36:21.153693Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-17T04:05:04.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2193 (GCVE-0-2024-2193)
Vulnerability from cvelistv5 – Published: 2024-03-15 18:03 – Updated: 2025-04-30 23:03
VLAI?
Title
Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
Summary
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
Severity ?
5.7 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
Credits
Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T15:31:03.336472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:10:13.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-30T23:03:28.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/488902"
},
{
"tags": [
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-453.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vusec.net/projects/ghostrace/"
},
{
"tags": [
"x_transferred"
],
"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"tags": [
"x_transferred"
],
"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/488902"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-453.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPU",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "See advisory AMD-SB-7016"
}
]
},
{
"product": "Xen",
"vendor": "Xen",
"versions": [
{
"status": "affected",
"version": "consult Xen advisory XSA-453"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T17:10:43.337Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/488902"
},
{
"url": "https://xenbits.xen.org/xsa/advisory-453.html"
},
{
"url": "https://www.vusec.net/projects/ghostrace/"
},
{
"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/488902"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.",
"x_generator": {
"engine": "VINCE 2.1.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2193"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-2193",
"datePublished": "2024-03-15T18:03:32.844Z",
"dateReserved": "2024-03-05T15:11:04.573Z",
"dateUpdated": "2025-04-30T23:03:28.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26400 (GCVE-0-2021-26400)
Vulnerability from cvelistv5 – Published: 2022-05-11 16:36 – Updated: 2024-09-17 04:05
VLAI?
Summary
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor All Supported Processors
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor All Supported Processors"
}
]
}
],
"datePublic": "2022-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:36:21",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:30:00.000Z",
"ID": "CVE-2021-26400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Processor",
"version_value": "All Supported Processors"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26400",
"datePublished": "2022-05-11T16:36:21.153693Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-17T04:05:04.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}