update: Kernel (AMD Inception) #1156
Comments
|
Fixed in LTS 3033.3.17, Stable 3510.2.7, Beta 3602.1.5, Alpha 3717.0.0. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Name: Kernel (AMD Inception)
CVEs: CVE-2023-20569
CVSSs: 7.5
Action Needed: update to >= 5.10.189, 5.15.125, 6.1.44
Summary: AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. This attack is similar to previous branch prediction-based attacks like Spectrev2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.
See also https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html.
refmap.gentoo: https://bugs.gentoo.org/911940
The text was updated successfully, but these errors were encountered: