{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2022-23816", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "dateUpdated": "2023-01-17T00:00:00", "dateRejected": "2023-01-17T00:00:00", "dateReserved": "2022-01-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2023-01-17T00:00:00"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."}], "id": "CVE-2022-23816", "lastModified": "2023-11-07T03:44:19.220", "metrics": {}, "published": "2023-01-17T06:15:10.663", "references": [], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Rejected"}

{"acknowledgement": "Red Hat would like to thank Johannes Wikner (ETH Z\u00fcrich) and Kaveh Razavi (ETH Z\u00fcrich) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:7338", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.80.1.rt56.1225.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2022:7337", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.80.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2022:7134", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-372.32.1.rt7.189.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7110", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-372.32.1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:7933", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8973", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "kernel-0:5.14.0-70.36.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-13T00:00:00Z"}, {"advisory": "RHSA-2022:8974", "cpe": "cpe:/a:redhat:rhel_eus:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.36.1.rt21.108.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-13T00:00:00Z"}, {"advisory": "RHSA-2022:7110", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.32.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-10-25T00:00:00Z"}], "bugzilla": {"description": "hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions", "id": "2090226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090226"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.", "A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."], "name": "CVE-2022-23816", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-23816\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23816\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"], "threat_severity": "Moderate"}