CVE-2022-23960 — Linux vulnerability
19 documents, 12 sources
Severity
5.6 MEDIUM (NVD)
OSV: 6.5
EPSS
0.2%
top 58.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 13
Latest update: Feb 14
Description
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.1 | Impact: 4.0
Affected Packages: 6 packages
Also affects: Debian Linux 10.0, 9.0
Patches
🔴 Vulnerability Details (7)
OSV: CVE-2022-23960: In specific ARM processors, there is a possible side-channel information leak due to a hardware flaw (2022-12-01)
GHSA: GHSA-m7j2-567h-fvrw: Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB (2022-03-14)
OSV: CVE-2022-23960: Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB (2022-03-13)
OSV: linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux- (2022-03-09)
📋 Vendor Advisories (8)
🕵️ Threat Intelligence (3)
Qualys: September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities With 5 Critical, Plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities With 35 Critical. (2022-09-13)
Qualys: September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities With 5 Critical, Plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities With 35 Critical. | Qualy (2022-09-13)