Sensitive Information Uncleared Before Release in kernel-debug-modules | CVE-2022-23824

Threat Intelligence

0.06% (28^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL8-KERNELDEBUGMODULES-5533319
published13 May 2023
disclosed12 Jul 2022

Report a new vulnerability Found a mistake?

Introduced: 12 Jul 2022

CVE-2022-23824 (opens in a new tab) CWE-226 (opens in a new tab) CWE-385 (opens in a new tab) CWE-200 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:8.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-debug-modules package and not the kernel-debug-modules package as distributed by RHEL.

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

References

https://access.redhat.com/security/cve/CVE-2022-23824
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
http://www.openwall.com/lists/oss-security/2022/11/10/2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
https://security.gentoo.org/glsa/202402-07
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040
https://www.debian.org/security/2023/dsa-5378

Sensitive Information Uncleared Before Release The advisory has been revoked - it doesn't affect any version of package kernel-debug-modules (opens in a new tab)