Preface: In August 2022, CVE-2022-26373 told that Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. It looks that same vulnerability with new CVE reference number. What’s going on?  CVE-2023-38575 was published on 13th March 2024.

Background: Fundamentally, branch prediction unit can reduce pipeline stalls and keep the CPU executing instructions. However, if the prediction has fault, the CPU may have to flush the pipeline, as a result it has performance penalty.

Operating systems have a process or task scheduler, which schedules the execution of various available tasks by allocating the CPU time. Furthermore, each process stores information about its state, which we call its context.

Vulnerability details: CVE-2023-38575 – Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access.

Remark: Updating your microcode can help to mitigate certain potential security vulnerabilities in CPUs as well as address certain functional issues.

Official announcement: Please refer to the link for details – https://www.suse.com/security/cve/CVE-2023-46839.html