Lucene search
Ubuntu.comUB:CVE-2022-23960HistoryMar 08, 2022 - 12:00 a.m.
CVE-2022-23960
2022-03-0800:00:00
ubuntu.com
ubuntu.com
35
0.001 Low
EPSS
Percentile
22.5%
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not
properly restrict cache speculation, aka Spectre-BHB. An attacker can
leverage the shared branch history in the Branch History Buffer (BHB) to
influence mispredicted branches. Then, cache allocation can allow the
attacker to obtain sensitive information.
Notes
| Author | Note |
|---|---|
| sbeattie | unprivileged eBPF was already disabled by default for 5.13 and newer kernels ARM specific issue |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < 4.15.0-184.194 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < 5.4.0-117.132 | UNKNOWN |
| ubuntu | 21.10 | noarch | linux | < 5.13.0-35.40 | UNKNOWN |
| ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1133.143 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1078.84 | UNKNOWN |
| ubuntu | 21.10 | noarch | linux-aws | < 5.13.0-1017.19 | UNKNOWN |
| ubuntu | 14.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | linux-aws | < any | UNKNOWN |
References
developer.arm.com/documentation/ka004995/latest/
developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
launchpad.net/bugs/cve/CVE-2022-23960
nvd.nist.gov/vuln/detail/CVE-2022-23960
security-tracker.debian.org/tracker/CVE-2022-23960
ubuntu.com/security/notices/USN-5317-1
ubuntu.com/security/notices/USN-5318-1
ubuntu.com/security/notices/USN-5362-1
wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI
www.cve.org/CVERecord?id=CVE-2022-23960
www.vusec.net/projects/bhi-spectre-bhb/
Related
redhatcve
redhatcve
CVE-2022-23960
2022-03-09 13:49:34
prion
prion
Design/Logic Flaw
2022-03-13 00:15:00
osv
osv
CVE-2022-23960
2022-03-13 00:15:07
Speculative Target Reuse Attacks
2022-12-01 00:00:00
Moderate: kernel security, bug fix, and enhancement update
2022-11-08 00:00:00
veracode
veracode
Information Disclosure
2022-04-28 09:29:11
mscve
mscve
Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability
2022-09-13 07:00:00
cvelist
cvelist
CVE-2022-23960
2022-03-12 23:57:21
cve
cve
CVE-2022-23960
2022-03-13 00:15:07
debiancve
debiancve
CVE-2022-23960
2022-03-13 00:15:07
openvas
openvas
Ubuntu: Security Advisory (USN-5318-1)
2022-03-09 00:00:00
Ubuntu: Security Advisory (USN-5317-1)
2022-03-09 00:00:00
Mageia: Security Advisory (MGASA-2022-0100)
2022-03-15 00:00:00
cloudfoundry
cloudfoundry
USN-5318-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-11 00:00:00
xen
xen
Multiple speculative security issues
2022-03-08 18:12:00
malwarebytes
malwarebytes
Update now! Microsoft patches two zero-days
2022-09-14 12:00:00
nessus
nessus
Amazon Linux 2022 : (ALAS2022-2022-039)
2022-09-06 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-023)
2022-05-24 00:00:00
Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9245)
2022-03-23 00:00:00
thn
thn
Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day
2022-09-14 04:42:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2022-03-23 00:00:00
Unbreakable Enterprise kernel security update
2022-03-23 00:00:00
Unbreakable Enterprise kernel security update
2022-04-11 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2022-03-14 19:51:52
Updated kernel-linus packages fix security vulnerabilities
2022-03-14 19:51:52
amazon
amazon
Important: kernel
2022-03-07 23:19:00
Important: kernel
2022-03-07 23:32:00
avleonov
avleonov
redhat
redhat
(RHSA-2024:0930) Important: kernel security update
2024-02-21 00:10:57
photon
photon
Critical Photon OS Security Update - PHSA-2022-4.0-0183
2022-05-14 00:00:00
Important Photon OS Security Update - PHSA-2022-0393
2022-05-14 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0393
2022-05-14 00:00:00
rocky
rocky
kernel security, bug fix, and enhancement update
2022-11-08 06:26:19
qualysblog
qualysblog
almalinux
almalinux
Moderate: kernel security, bug fix, and enhancement update
2022-11-08 00:00:00
debian
debian
[SECURITY] [DSA 5173-1] linux security update
2022-07-03 15:49:12
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2022-05-09 21:58:04
mskb
mskb
September 13, 2022—KB5017328 (OS Build 22000.978)
2022-09-13 07:00:00
kaspersky
kaspersky
KLA19245 Multiple vulnerabilities in Microsoft Windows
2022-09-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - September 2022
2022-09-13 20:11:08