CVE-2022-23960
hw: cpu: arm64: Spectre-BHB
Severity Score
5.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
Algunos procesadores Arm Cortex y Neoverse versiones hasta 08-03-2022 no restringen apropiadamente la especulación de la caché, también conocida como Spectre-BHB. Un atacante puede aprovechar el historial de bifurcaciones compartido en el Buffer del Historial de Bifurcaciones (BHB) para influir en las bifurcaciones predichas inapropiadamente. Entonces, la asignación de la caché puede permitir al atacante obtener información confidencial
A new cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, was found in hw. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-26 CVE Reserved
- 2022-03-09 CVE Published
- 2023-06-17 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2022/03/18/2 | 2023-01-20 | |
| https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability | 2023-01-20 |
| URL | Date | SRC |
|---|---|---|
| https://developer.arm.com/support/arm-security-updates | 2023-01-20 | |
| https://www.debian.org/security/2022/dsa-5173 | 2023-01-20 | |
| https://access.redhat.com/security/cve/CVE-2022-23960 | 2024-02-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2062284 | 2024-02-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a57 Search vendor "Arm" for product "Cortex-a57" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a65 Search vendor "Arm" for product "Cortex-a65" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a65ae Search vendor "Arm" for product "Cortex-a65ae" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a710 Search vendor "Arm" for product "Cortex-a710" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a72 Search vendor "Arm" for product "Cortex-a72" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a73 Search vendor "Arm" for product "Cortex-a73" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a75 Search vendor "Arm" for product "Cortex-a75" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a76 Search vendor "Arm" for product "Cortex-a76" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a76ae Search vendor "Arm" for product "Cortex-a76ae" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a77 Search vendor "Arm" for product "Cortex-a77" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a78 Search vendor "Arm" for product "Cortex-a78" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a78ae Search vendor "Arm" for product "Cortex-a78ae" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-r7 Search vendor "Arm" for product "Cortex-r7" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-r8 Search vendor "Arm" for product "Cortex-r8" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-x1 Search vendor "Arm" for product "Cortex-x1" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-x2 Search vendor "Arm" for product "Cortex-x2" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Neoverse-e1 Search vendor "Arm" for product "Neoverse-e1" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Neoverse-v1 Search vendor "Arm" for product "Neoverse-v1" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Neoverse N1 Search vendor "Arm" for product "Neoverse N1" | - | - |
Safe
|
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| in | Arm Search vendor "Arm" | Neoverse N2 Search vendor "Arm" for product "Neoverse N2" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-r7 Firmware Search vendor "Arm" for product "Cortex-r7 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-r7 Search vendor "Arm" for product "Cortex-r7" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-r8 Firmware Search vendor "Arm" for product "Cortex-r8 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-r8 Search vendor "Arm" for product "Cortex-r8" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a57 Firmware Search vendor "Arm" for product "Cortex-a57 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a57 Search vendor "Arm" for product "Cortex-a57" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a65 Firmware Search vendor "Arm" for product "Cortex-a65 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a65 Search vendor "Arm" for product "Cortex-a65" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a65ae Firmware Search vendor "Arm" for product "Cortex-a65ae Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a65ae Search vendor "Arm" for product "Cortex-a65ae" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a710 Firmware Search vendor "Arm" for product "Cortex-a710 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a710 Search vendor "Arm" for product "Cortex-a710" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a72 Firmware Search vendor "Arm" for product "Cortex-a72 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a72 Search vendor "Arm" for product "Cortex-a72" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a73 Firmware Search vendor "Arm" for product "Cortex-a73 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a73 Search vendor "Arm" for product "Cortex-a73" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a75 Firmware Search vendor "Arm" for product "Cortex-a75 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a75 Search vendor "Arm" for product "Cortex-a75" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a76 Firmware Search vendor "Arm" for product "Cortex-a76 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a76 Search vendor "Arm" for product "Cortex-a76" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a76ae Firmware Search vendor "Arm" for product "Cortex-a76ae Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a76ae Search vendor "Arm" for product "Cortex-a76ae" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a77 Firmware Search vendor "Arm" for product "Cortex-a77 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a77 Search vendor "Arm" for product "Cortex-a77" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a78 Firmware Search vendor "Arm" for product "Cortex-a78 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a78 Search vendor "Arm" for product "Cortex-a78" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-a78ae Firmware Search vendor "Arm" for product "Cortex-a78ae Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-a78ae Search vendor "Arm" for product "Cortex-a78ae" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-x1 Firmware Search vendor "Arm" for product "Cortex-x1 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-x1 Search vendor "Arm" for product "Cortex-x1" | - | - |
Safe
|
| Arm Search vendor "Arm" | Cortex-x2 Firmware Search vendor "Arm" for product "Cortex-x2 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Cortex-x2 Search vendor "Arm" for product "Cortex-x2" | - | - |
Safe
|
| Arm Search vendor "Arm" | Neoverse-e1 Firmware Search vendor "Arm" for product "Neoverse-e1 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Neoverse-e1 Search vendor "Arm" for product "Neoverse-e1" | - | - |
Safe
|
| Arm Search vendor "Arm" | Neoverse-v1 Firmware Search vendor "Arm" for product "Neoverse-v1 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Neoverse-v1 Search vendor "Arm" for product "Neoverse-v1" | - | - |
Safe
|
| Arm Search vendor "Arm" | Neoverse N1 Firmware Search vendor "Arm" for product "Neoverse N1 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Neoverse N1 Search vendor "Arm" for product "Neoverse N1" | - | - |
Safe
|
| Arm Search vendor "Arm" | Neoverse N2 Firmware Search vendor "Arm" for product "Neoverse N2 Firmware" | - | - |
Affected
| in | Arm Search vendor "Arm" | Neoverse N2 Search vendor "Arm" for product "Neoverse N2" | - | - |
Safe
|
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||