Severity
6.5 MEDIUM (NVD)
OSV 7.8 | CISA 7.8
EPSS
0.3% (top 47.62%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 11
Latest update: Oct 21

Description

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 2.0 | Impact: 4.0

Affected Packages (25 packages)

debian: debian/linux < linux 5.16.12-1 (bookworm)
Debian: linux/linux_kernel < 5.10.103-1+3
Ubuntu: linux/linux_kernel < 5.4.0-104.118+4
Palo Alto: paloalto/pan-os

Patches

🔴 Vulnerability Details (18)

OSV: linux-aws-5.4 vulnerabilities (2024-07-10)
OSV: linux-azure vulnerabilities (2024-07-10)
OSV: linux-azure, linux-azure-4.15 vulnerabilities (2024-07-04)
OSV: linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities (2024-07-03)
OSV: linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities (2024-07-03)

📋 Vendor Advisories (26)

Red Hat: kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event (2024-10-21)
Ubuntu: Linux kernel (Azure) vulnerabilities (2024-07-10)
Ubuntu: Linux kernel (AWS) vulnerabilities (2024-07-10)
Ubuntu: Linux kernel (Azure) vulnerabilities (2024-07-04)
Ubuntu: Linux kernel vulnerabilities (2024-07-03)

📐 Framework References (1)

CWE: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution

💬 Community (1)

HackerOne: CVE-2022-22576: OAUTH2 bearer bypass in connection re-use (2022-04-29)