CVE-2022-28693: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-28693 is a security vulnerability discovered in Intel processors related to an unprotected alternative channel of return branch target prediction. The vulnerability was disclosed on May 11, 2022, and affects various Intel processor models. This side-channel vulnerability could potentially lead to information disclosure when accessed locally by an authorized user (CVE Mitre).

The vulnerability is classified as a side-channel flaw in the processor's return branch target prediction mechanism. It has been assigned a CVSS v3.1 Base Score of 4.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is categorized under CWE-420 (Unprotected Alternate Channel) (NVD).

The vulnerability could allow an authorized user with local access to potentially enable information disclosure. In virtualized environments, such as VMware ESXi, a malicious actor with administrative access to a virtual machine can exploit this side-channel CPU flaw to potentially leak information stored in physical memory about the hypervisor or other virtual machines residing on the same ESXi host (VMware Advisory).

VMware has released patches for affected versions of ESXi (6.5, 6.7, and 7.0) and Cloud Foundation to address this vulnerability. These patches do not introduce performance impact. For ESXi 7.0, the fix is included in ESXi70U3sf-20036586, for ESXi 6.7 in ESXi670-202207401-SG, and for ESXi 6.5 in ESXi650-202207401-SG (VMware Advisory).