Lucene search

[email protected]NVD:CVE-2022-23960

HistoryMar 13, 2022 - 12:15 a.m.

CVE-2022-23960

2022-03-1300:15:07

[email protected]

web.nvd.nist.gov

arm cortex

neoverse

spectre-bhb

cache speculation

branch history buffer

cache allocation

vulnerability

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

22.9%

JSON

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.

Affected configurations

Nvd

Node

xenxenMatch-

AND

armcortex-a57Match-

armcortex-a65Match-

armcortex-a65aeMatch-

armcortex-a710Match-

armcortex-a72Match-

armcortex-a73Match-

armcortex-a75Match-

armcortex-a76Match-

armcortex-a76aeMatch-

armcortex-a77Match-

armcortex-a78Match-

armcortex-a78aeMatch-

armcortex-r7Match-

armcortex-r8Match-

armcortex-x1Match-

armcortex-x2Match-

armneoverse-e1Match-

armneoverse-v1Match-

armneoverse_n1Match-

armneoverse_n2Match-

Node

armcortex-r7_firmwareMatch-

AND

armcortex-r7Match-

Node

armcortex-r8_firmwareMatch-

AND

armcortex-r8Match-

Node

armcortex-a57_firmwareMatch-

AND

armcortex-a57Match-

Node

armcortex-a65_firmwareMatch-

AND

armcortex-a65Match-

Node

armcortex-a65ae_firmwareMatch-

AND

armcortex-a65aeMatch-

Node

armcortex-a710_firmwareMatch-

AND

armcortex-a710Match-

Node

armcortex-a72_firmwareMatch-

AND

armcortex-a72Match-

Node

armcortex-a73_firmwareMatch-

AND

armcortex-a73Match-

Node

armcortex-a75_firmwareMatch-

AND

armcortex-a75Match-

Node

armcortex-a76_firmwareMatch-

AND

armcortex-a76Match-

Node

armcortex-a76ae_firmwareMatch-

AND

armcortex-a76aeMatch-

Node

armcortex-a77_firmwareMatch-

AND

armcortex-a77Match-

Node

armcortex-a78_firmwareMatch-

AND

armcortex-a78Match-

Node

armcortex-a78ae_firmwareMatch-

AND

armcortex-a78aeMatch-

Node

armcortex-x1_firmwareMatch-

AND

armcortex-x1Match-

Node

armcortex-x2_firmwareMatch-

AND

armcortex-x2Match-

Node

armneoverse-e1_firmwareMatch-

AND

armneoverse-e1Match-

Node

armneoverse-v1_firmwareMatch-

AND

armneoverse-v1Match-

Node

armneoverse_n1_firmwareMatch-

AND

armneoverse_n1Match-

Node

armneoverse_n2_firmwareMatch-

AND

armneoverse_n2Match-

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

References

www.openwall.com/lists/oss-security/2022/03/18/2

developer.arm.com/support/arm-security-updates

developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

lists.debian.org/debian-lts-announce/2022/07/msg00000.html

www.debian.org/security/2022/dsa-5173

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

22.9%

JSON

CVE-2022-23960

Affected configurations

References

Related