fkie_nvd - fkie_cve-2022-23960

fkie_cve-2022-23960

Vulnerability from fkie_nvd

Published

2022-03-13 00:15

Modified

2024-11-21 06:49

Severity ?

5.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2022/03/18/2	Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://developer.arm.com/support/arm-security-updates	Vendor Advisory
cve@mitre.org	https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	Mitigation, Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html	Mailing List, Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5173	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/03/18/2	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://developer.arm.com/support/arm-security-updates	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability	Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5173	Third Party Advisory

Impacted products

Vendor	Product	Version
xen	xen	-
arm	cortex-a57	-
arm	cortex-a65	-
arm	cortex-a65ae	-
arm	cortex-a710	-
arm	cortex-a72	-
arm	cortex-a73	-
arm	cortex-a75	-
arm	cortex-a76	-
arm	cortex-a76ae	-
arm	cortex-a77	-
arm	cortex-a78	-
arm	cortex-a78ae	-
arm	cortex-r7	-
arm	cortex-r8	-
arm	cortex-x1	-
arm	cortex-x2	-
arm	neoverse-e1	-
arm	neoverse-v1	-
arm	neoverse_n1	-
arm	neoverse_n2	-
arm	cortex-r7_firmware	-
arm	cortex-r7	-
arm	cortex-r8_firmware	-
arm	cortex-r8	-
arm	cortex-a57_firmware	-
arm	cortex-a57	-
arm	cortex-a65_firmware	-
arm	cortex-a65	-
arm	cortex-a65ae_firmware	-
arm	cortex-a65ae	-
arm	cortex-a710_firmware	-
arm	cortex-a710	-
arm	cortex-a72_firmware	-
arm	cortex-a72	-
arm	cortex-a73_firmware	-
arm	cortex-a73	-
arm	cortex-a75_firmware	-
arm	cortex-a75	-
arm	cortex-a76_firmware	-
arm	cortex-a76	-
arm	cortex-a76ae_firmware	-
arm	cortex-a76ae	-
arm	cortex-a77_firmware	-
arm	cortex-a77	-
arm	cortex-a78_firmware	-
arm	cortex-a78	-
arm	cortex-a78ae_firmware	-
arm	cortex-a78ae	-
arm	cortex-x1_firmware	-
arm	cortex-x1	-
arm	cortex-x2_firmware	-
arm	cortex-x2	-
arm	neoverse-e1_firmware	-
arm	neoverse-e1	-
arm	neoverse-v1_firmware	-
arm	neoverse-v1	-
arm	neoverse_n1_firmware	-
arm	neoverse_n1	-
arm	neoverse_n2_firmware	-
arm	neoverse_n2	-
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE41A45-7244-4A96-9A22-3BF57F9B7560",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "044039A3-2AC7-4685-B671-C9B9FFD4ED6E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F2C6D-3F41-4C42-81E2-01A52AD035B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A639E025-B946-4A84-88B9-2E5E655711CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C9E6FC-9C40-4105-9FB0-17013E1ABBB3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-r7_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C10475-AE35-4134-BB87-45544A62C942",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "044039A3-2AC7-4685-B671-C9B9FFD4ED6E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-r8_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "477B6938-2314-487E-BB35-354B335AC642",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F2C6D-3F41-4C42-81E2-01A52AD035B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D895EC-B0A9-4292-AC64-60673F72C765",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a65_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE23799E-5B88-4631-B3D8-04BDB6A0795E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE41A45-7244-4A96-9A22-3BF57F9B7560",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a65ae_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E54F07-38EA-4CCC-8F59-855D9251F818",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF7E5CA-95FF-4242-BD6E-8BDC185DA095",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38768B2B-F1A3-4A76-8716-9520CA075F3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7173A6DC-4D4E-424C-A922-C16D67627834",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A891447-2F1D-48B4-AA47-3CB7EA4FDC7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08CC4E5E-2794-4893-9B45-E14A3F4CF159",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6022C19-3C39-439E-AE6E-2319D831CF99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "155A0C39-4D0A-4264-B392-46002908939C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AB8C81-F441-4563-B5E0-B738DF4D1C50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30BECA7-C45A-423D-9200-98D51BE9C84C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D200C1F-1909-4952-824F-A2D279B9B37E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B749251-B873-4E37-BB5C-1D4C021205D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:neoverse-e1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2543729C-69F9-47C8-B5E4-87156BFFF32F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A639E025-B946-4A84-88B9-2E5E655711CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32A1FF8-3A37-4D10-8DBB-3ECAA8A5F970",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4164A584-6F0D-4154-8FED-DC044CDE1FE7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C9E6FC-9C40-4105-9FB0-17013E1ABBB3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B37176F-0AF4-4410-9C1F-4C5ED0051681",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information."
    },
    {
      "lang": "es",
      "value": "Algunos procesadores Arm Cortex y Neoverse versiones hasta 08-03-2022 no restringen apropiadamente la especulaci\u00f3n de la cach\u00e9, tambi\u00e9n conocida como Spectre-BHB. Un atacante puede aprovechar el historial de bifurcaciones compartido en el Buffer del Historial de Bifurcaciones (BHB) para influir en las bifurcaciones predichas inapropiadamente. Entonces, la asignaci\u00f3n de la cach\u00e9 puede permitir al atacante obtener informaci\u00f3n confidencial"
    }
  ],
  "id": "CVE-2022-23960",
  "lastModified": "2024-11-21T06:49:32.247",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-13T00:15:07.990",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5173"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-23960 (GCVE-0-2022-23960)

Vulnerability from cvelistv5

Published

2022-03-12 23:57