QwikSec

Security Database

CVE

CWE

Training

CVE-2022-42331

Published: Mar 21, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.

Vendor	Product	Versions
Xen	xen	unknown `consult Xen advisory XSA-429`

References

https://xenbits.xenproject.org/xsa/advisory-429.txt

[oss-security] 20230321 Xen Security Advisory 429 v3 (CVE-2022-42331) - x86: speculative vulnerability in 32bit SYSCALL path

mailing-list

http://xenbits.xen.org/xsa/advisory-429.html

FEDORA-2023-703f133eb3

vendor-advisory

FEDORA-2023-da8315e641

vendor-advisory

vendor-advisory

https://security.gentoo.org/glsa/202402-07

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.