PT-2021-1522 · Arm+9 · Arm Cortex+10

Published: 2021-11-10 · Updated: 2023-01-20 · CVE-2022-23960

CVSS v3.1: 5.6 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Arm Cortex and Neoverse processors versions prior to 2022-03-08

Description

The issue is a hardware flaw in which cache speculation is not properly restricted, also known as Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches, potentially allowing the attacker to obtain sensitive information. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations

For Arm Cortex and Neoverse processors versions prior to 2022-03-08, consider disabling or restricting the use of the Branch History Buffer (BHB) as a temporary workaround until a patch is available. Additionally, restricting access to sensitive information and implementing other security measures can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure


Weakness Enumeration

Related Identifiers

ALSA-2022:7683
ALT-PU-2022-1668
ASB-A-215557547
BDU:2022-03214
CESA-2022_7683
CVE-2022-23960
DLA-3065-1
DSA-5173-1
MGASA-2022-0100
MGASA-2022-0101
OESA-2022-1631
OPENSUSE-SU-2024:11935-1
RHSA-2022:7683
RHSA-2022_7683
RHSA-2024:0930
RLSA-2022:7683
SUSE-SU-2022:1196-1
SUSE-SU-2022:1651-1
SUSE-SU-2022_1651-1
USN-5317-1
USN-5318-1
USN-5362-1

Affected Products

Alt Linux
AlmaLinux
Arm Cortex
Astra Linux
CentOS
Linux Mint
Neoverse
Red Hat
Rocky Linux
SUSE
Ubuntu