CVE-2022-49611

x86/speculation: Fill RSB on vmexit for IBRS

Description

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly is being mitigated.

N/A
CVSS
Severity:
EPSS 0.15%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3d323b99ff5c8c57005184056d65f6af5b0479d8
https://git.kernel.org/stable/c/f744b88dfc201bf8092833ec70b23c720188b527
https://git.kernel.org/stable/c/17a9fc4a7b91f8599223631bb6ae6416bc0de1c0
https://git.kernel.org/stable/c/4d7f72b6e1bc630bec7e4cd51814bc2b092bf153
https://git.kernel.org/stable/c/8d5cff499a6d740c91ff37963907e0e983c37f0f
https://git.kernel.org/stable/c/8c38306e2e9257af4af2819aa287a4711ff36329
https://git.kernel.org/stable/c/9756bba28470722dacb79ffce554336dd1f6a6cd

Frequently Asked Questions

What is the severity of CVE-2022-49611?
CVE-2022-49611 has not yet been assigned a CVSS score.
How to fix CVE-2022-49611?
To fix CVE-2022-49611, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49611 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49611 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49611?
CVE-2022-49611 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.