Unrated severityNVD Advisory· Published Mar 21, 2023· Updated Feb 13, 2025

CVE-2022-42331

Description

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.

Affected products

osv-coords33 versions
pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweed pkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/xen&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/xen&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 4.16.3_06-150400.4.25.1+ 32 more
- (no CPE)range: < 4.16.3_06-150400.4.25.1
- (no CPE)range: < 4.16.3_06-150400.4.25.1
- (no CPE)range: < 4.17.0_06-1.1
- (no CPE)range: < 4.13.4_20-150200.3.71.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.12.4_34-150100.3.86.1
- (no CPE)range: < 4.13.4_20-150200.3.71.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.16.3_06-150400.4.25.1
- (no CPE)range: < 4.16.3_06-150400.4.25.1
- (no CPE)range: < 4.16.3_06-150400.4.25.1
- (no CPE)range: < 4.16.3_06-150400.4.25.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.7.6_32-43.104.1
- (no CPE)range: < 4.11.4_38-2.89.1
- (no CPE)range: < 4.11.4_38-2.89.1
- (no CPE)range: < 4.12.4_34-3.88.1
- (no CPE)range: < 4.12.4_34-150100.3.86.1
- (no CPE)range: < 4.13.4_20-150200.3.71.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.11.4_38-2.89.1
- (no CPE)range: < 4.12.4_34-3.88.1
- (no CPE)range: < 4.12.4_34-150100.3.86.1
- (no CPE)range: < 4.13.4_20-150200.3.71.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.12.4_34-3.88.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.14.5_12-150300.3.48.1
- (no CPE)range: < 4.11.4_38-2.89.1
- (no CPE)range: < 4.11.4_38-2.89.1
Xen/Xenv5
Range: consult Xen advisory XSA-429

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L6PM4RE7MUE6OWA32ZVOXCP235RM2TM/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APBMS2Q6746AXAFAITNJMGBNFGNMVLWR/mitrevendor-advisory
www.debian.org/security/2023/dsa-5378mitrevendor-advisory
www.openwall.com/lists/oss-security/2023/03/21/3mitremailing-list
xenbits.xen.org/xsa/advisory-429.htmlmitre
security.gentoo.org/glsa/202402-07mitre
xenbits.xenproject.org/xsa/advisory-429.txtmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000