PT-2022-6662 · Ampere+4 · Ampereone+4

Published

2022-10-12

·

Updated

2025-01-09

·

CVE-2023-3006

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux (affected versions not specified) AmpereOne hardware (affected versions not specified)
Description A known cache speculation issue, similar to Spectre v2, allows malicious code to influence mispredicted branches within a victim's hardware context using the shared branch history stored in the CPU Branch History Buffer (BHB). This can lead to speculation causing cache allocation, resulting in the exposure of information that should not be accessible. Additionally, a Linux kernel vulnerability related to errors in inter-boundary removal of critical data may allow an attacker to access protected information.
Recommendations For Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For AmpereOne hardware, consider disabling or restricting the use of speculative execution features until a patch or mitigation is available.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-226CWE-212

Related Identifiers

BDU:2023-03173
CVE-2023-3006
OESA-2023-1393
OESA-2023-1394
OESA-2023-1395
OESA-2023-1397
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
RHSA-2024:3462
SUSE-SU-2023:2500-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2653-1
SUSE-SU-2023:2782-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
USN-6548-1
USN-6548-2
USN-6548-3
USN-6548-4
USN-6548-5
USN-6701-1
USN-6701-2
USN-6701-3
USN-6701-4

Affected Products

Ampereone
Astra Linux
Linuxmint
Suse
Ubuntu