安全研究
安全漏洞
AMD CPU分支类型混淆漏洞(CVE-2022-23816)
发布日期:2022-07-12
更新日期:2022-07-13
受影响系统:AMD Athlon™ X4 processor
AMD Ryzen™ Threadripper™ PRO processor
AMD 2nd Gen AMD Ryzen™ Threadripper™ processors
AMD 3rd Gen AMD Ryzen™ Threadripper™ processors
AMD 7th Generation AMD A-Series APUs
AMD Ryzen™ 2000 Series Desktop processors
AMD Ryzen™ 3000 Series Desktop processors
AMD Ryzen 4000 Series Desktop processors with Radeon
AMD Ryzen™ 2000 Series Mobile processor
AMD Athlon™ 3000 Series Mobile processors with Radeon™
AMD Ryzen™ 3000 Series Mobile processors
AMD 2nd Gen AMD Ryzen Mobile processors with Radeon
AMD Ryzen™ 4000 Series Mobile processors with Radeon™
AMD Ryzen™ 5000 Series Mobile processors with Radeon™
AMD Athlon™ Mobile processors with Radeon™ graphics
AMD 1st Gen AMD EPYC™ processors
AMD 2nd Gen AMD EPYC™ processors
描述:
CVE(CAN) ID:
CVE-2022-23816
美国AMD(Advanced Micro Devices)半导体公司专门为计算机、通信和消费电子行业设计和制造各种创新的微处理器(CPU、GPU、主板芯片组、电视卡芯片等),以及提供闪存和低功率处理器解决方案。
AMD多款产品存在类型混淆漏洞,该漏洞源于程序未能正确预测返回指令的分支类型。攻击者可利用该漏洞在微体系结构的条件下执行任意代码。
<*来源:Johannes Wikner
Kaveh Razavi
链接:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
*>
建议:
厂商补丁:
AMD
---
AMD已经为此发布了一个安全公告( AMD-SB-1037)以及相应补丁:
 AMD-SB-1037:AMD CPU Branch Type Confusion
链接:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037浏览次数:1264
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载 绿盟科技给您安全的保障 |