CVE-2022-23960
Advisory lineage Upstream: 0 Downstream: 14
Modified
Published: 12 Mar 2022, 23:57
Last modified: 03 Aug 2024, 03:59
Vulnerability Summary
- Overall Risk (default): low, 22/100
- CVSS Score: 5.6 MEDIUM, v3.1 (nvd)
- EPSS Score: 0.23% LOW (0% probability, +0.05%)
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 12 Mar 2022, 23:57: Published (vulnerability first disclosed)
- 03 Aug 2024, 03:59: Last Modified (vulnerability information updated)
Description
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.6•CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
- v2.0•LOW•Score: 1.9•AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.23%•Percentile: 46%
Affected Systems
- arm•cortex-a57_firmware: na
- arm•cortex-a65_firmware: na
- arm•cortex-a65ae_firmware: na
- arm•cortex-a710_firmware: na
- arm•cortex-a72_firmware: na
- arm•cortex-a73_firmware: na
- arm•cortex-a75_firmware: na
- arm•cortex-a76_firmware: na
- arm•cortex-a76ae_firmware: na
- arm•cortex-a77_firmware: na
- arm•cortex-a78_firmware: na
- arm•cortex-a78ae_firmware: na
- arm•cortex-r7_firmware: na
- arm•cortex-r8_firmware: na
- arm•cortex-x1_firmware: na
- arm•cortex-x2_firmware: na
- arm•neoverse_n1_firmware: na
- arm•neoverse_n2_firmware: na
- arm•neoverse-e1_firmware: na
- arm•neoverse-v1_firmware: na
- debian•debian_linux: 9.0 | 10.0
- xen•xen: na
References (5)
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates
- http://www.openwall.com/lists/oss-security/2022/03/18/2
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://www.debian.org/security/2022/dsa-5173