Lucene search

[email protected]CVE-2022-25368

HistoryMar 10, 2022 - 5:47 p.m.

CVE-2022-25368

2022-03-1017:47:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2022-25368

spectre

bhb variant

cpu

cache allocation

data inference

nvd

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

23.0%

JSON

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim’s hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.

CPENameOperatorVersion
amperecomputing:ampere_altra_max_firmwareamperecomputing ampere altra max firmwareeq-
amperecomputing:ampere_altra_firmwareamperecomputing ampere altra firmwareeq-
arm:neoverse-e1_firmwarearm neoverse-e1 firmwareeq-
arm:neoverse-v1_firmwarearm neoverse-v1 firmwareeq-
arm:cortex-a57_firmwarearm cortex-a57 firmwareeq-
arm:cortex-a65_firmwarearm cortex-a65 firmwareeq-
arm:cortex-a65ae_firmwarearm cortex-a65ae firmwareeq-
arm:cortex-a72_firmwarearm cortex-a72 firmwareeq-
arm:cortex-a73_firmwarearm cortex-a73 firmwareeq-
arm:cortex-a75_firmwarearm cortex-a75 firmwareeq-

CPE	Name	Operator	Version
amperecomputing:ampere_altra_max_firmware	amperecomputing ampere altra max firmware	eq	-
amperecomputing:ampere_altra_firmware	amperecomputing ampere altra firmware	eq	-
arm:neoverse-e1_firmware	arm neoverse-e1 firmware	eq	-
arm:neoverse-v1_firmware	arm neoverse-v1 firmware	eq	-
arm:cortex-a57_firmware	arm cortex-a57 firmware	eq	-
arm:cortex-a65_firmware	arm cortex-a65 firmware	eq	-
arm:cortex-a65ae_firmware	arm cortex-a65ae firmware	eq	-
arm:cortex-a72_firmware	arm cortex-a72 firmware	eq	-
arm:cortex-a73_firmware	arm cortex-a73 firmware	eq	-
arm:cortex-a75_firmware	arm cortex-a75 firmware	eq	-

Rows per page:

1-10 of 221

References

amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960

developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

23.0%

JSON

Related for CVE-2022-25368

prion1 cvelist1