Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-23960
HistoryMar 08, 2022 - 12:00 a.m.

CVE-2022-23960

2022-03-0800:00:00
ubuntu.com
ubuntu.com
43
arm cortex
neoverse processors
spectre-bhb
cache speculation
branch history buffer
sensitive information
cache allocation

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

22.9%

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not
properly restrict cache speculation, aka Spectre-BHB. An attacker can
leverage the shared branch history in the Branch History Buffer (BHB) to
influence mispredicted branches. Then, cache allocation can allow the
attacker to obtain sensitive information.

Notes

Author Note
sbeattie unprivileged eBPF was already disabled by default for 5.13 and newer kernels ARM specific issue
Rows per page:
1-10 of 481

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

22.9%