CVE-2022-29901

ULN >
Oracle Linux CVE repository >
CVE-2022-29901

CVE Details

Release Date:

2022-07-12

Description

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

See more information about CVE-2022-29901 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	5.6
Vector String:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Version:	3.1
Attack Vector:	Local
Attack Complexity:	High
Privileges Required:	Low
User Interaction:	None
Scope:	Changed
Confidentiality:	High
Integrity:	None
Availability:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel)	ELSA-2022-7337	2022-11-03
Oracle Linux version 7 (kernel-uek)	ELSA-2022-9709	2022-08-15
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12150	2024-02-12
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12151	2024-02-12
Oracle Linux version 7 (kernel-uek)	ELSA-2025-20019	2025-01-11
Oracle Linux version 7 (kernel-uek-container)	ELSA-2022-9710	2022-08-15
Oracle Linux version 7 (kernel-uek-container)	ELSA-2024-12153	2024-02-12
Oracle Linux version 8 (kernel)	ELSA-2022-7110	2022-10-26
Oracle Linux version 8 (kernel-uek)	ELSA-2022-9590	2022-07-12
Oracle Linux version 8 (kernel-uek)	ELSA-2022-9709	2022-08-15
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12151	2024-02-12
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12433	2024-06-12
Oracle Linux version 8 (kernel-uek)	ELSA-2025-20019	2025-01-11
Oracle Linux version 8 (kernel-uek-container)	ELSA-2022-9591	2022-07-12
Oracle Linux version 8 (kernel-uek-container)	ELSA-2022-9710	2022-08-15
Oracle Linux version 8 (kernel-uek-container)	ELSA-2024-12154	2024-02-12
Oracle Linux version 9 (kernel)	ELSA-2022-8267	2022-11-22
Oracle Linux version 9 (kernel-uek)	ELSA-2022-9590	2022-07-12
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12433	2024-06-12

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691