Vulnerability identifier: #VU65205
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-1037
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
AMD Athlon X4 processor
Hardware solutions /
Firmware
AMD Ryzen Threadripper PRO processor
Hardware solutions /
Firmware
2nd Gen AMD Ryzen Threadripper processors
Hardware solutions /
Firmware
3rd Gen AMD Ryzen Threadripper processors
Hardware solutions /
Firmware
7th Generation AMD A-Series APUs
Hardware solutions /
Firmware
AMD Ryzen 2000 series Desktop processor
Hardware solutions /
Firmware
AMD Ryzen 3000 Series Desktop processor
Hardware solutions /
Firmware
AMD Ryzen 4000 Series Desktop processors with Radeon graphics
Hardware solutions /
Firmware
AMD Ryzen 2000 Series Mobile processor
Hardware solutions /
Firmware
AMD Athlon 3000 Series Mobile processors with Radeon Graphics
Hardware solutions /
Firmware
AMD Ryzen 3000 Series Mobile processor
Hardware solutions /
Firmware
2nd Gen AMD Ryzen Mobile processor with Radeon graphics
Hardware solutions /
Firmware
AMD Ryzen 4000 Series Mobile processors with Radeon graphics
Hardware solutions /
Firmware
AMD Ryzen 5000 Series Mobile processor with Radeon graphics
Hardware solutions /
Firmware
AMD Athlon Mobile processor with Radeon graphics
Hardware solutions /
Firmware
1st Gen AMD EPYC Processors
Hardware solutions /
Firmware
2nd Gen AMD EPYC Processors
Hardware solutions /
Firmware
Vendor: AMD
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a mistrained branch predictions for return instructions. A local user can execute arbitrary speculative code under certain microarchitecture-dependent conditions. The vulnerability was dubbed RETbleed.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
AMD Athlon X4 processor: All versions
AMD Ryzen Threadripper PRO processor: All versions
2nd Gen AMD Ryzen Threadripper processors: All versions
3rd Gen AMD Ryzen Threadripper processors: All versions
7th Generation AMD A-Series APUs: All versions
AMD Ryzen 2000 series Desktop processor: All versions
AMD Ryzen 3000 Series Desktop processor: All versions
AMD Ryzen 4000 Series Desktop processors with Radeon graphics: All versions
AMD Ryzen 2000 Series Mobile processor: All versions
AMD Athlon 3000 Series Mobile processors with Radeon Graphics: All versions
AMD Ryzen 3000 Series Mobile processor: All versions
2nd Gen AMD Ryzen Mobile processor with Radeon graphics: All versions
AMD Ryzen 4000 Series Mobile processors with Radeon graphics: All versions
AMD Ryzen 5000 Series Mobile processor with Radeon graphics: All versions
AMD Athlon Mobile processor with Radeon graphics: All versions
1st Gen AMD EPYC Processors: All versions
2nd Gen AMD EPYC Processors: All versions
CPE
External links
http://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?