Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-42336
HistoryMay 17, 2023 - 12:00 a.m.

CVE-2022-42336

2023-05-1700:00:00
ubuntu.com
ubuntu.com
18
mishandling
ssbd selection
amd hardware
logic
coordination
core level
under or overflow
thread counter

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0

Percentile

9.0%

Mishandling of guest SSBD selection on AMD hardware The current logic to
set SSBD on AMD Family 17h and Hygon Family 18h processors requires that
the setting of SSBD is coordinated at a core level, as the setting is
shared between threads. Logic was introduced to keep track of how many
threads require SSBD active in order to coordinate it, such logic relies on
using a per-core counter of threads that have SSBD active. When running on
the mentioned hardware, it’s possible for a guest to under or overflow the
thread counter, because each write to VIRT_SPEC_CTRL.SSBD by the guest gets
propagated to the helper that does the per-core active accounting.
Underflowing the counter causes the value to get saturated, and thus
attempts for guests running on the same core to set SSBD won’t have effect
because the hypervisor assumes it’s already active.

Notes

Author Note
mdeslaur hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0

Percentile

9.0%