{"id": "CVE-2022-23960", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.1}]}, "published": "2022-03-13T00:15:07.990", "references": [{"url": "http://www.openwall.com/lists/oss-security/2022/03/18/2", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://developer.arm.com/support/arm-security-updates", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2022/dsa-5173", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2022/03/18/2", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://developer.arm.com/support/arm-security-updates", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2022/dsa-5173", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information."}, {"lang": "es", "value": "Algunos procesadores Arm Cortex y Neoverse versiones hasta 08-03-2022 no restringen apropiadamente la especulaci\u00f3n de la cach\u00e9, tambi\u00e9n conocida como Spectre-BHB. Un atacante puede aprovechar el historial de bifurcaciones compartido en el Buffer del Historial de Bifurcaciones (BHB) para influir en las bifurcaciones predichas inapropiadamente. Entonces, la asignaci\u00f3n de la cach\u00e9 puede permitir al atacante obtener informaci\u00f3n confidencial"}], "lastModified": "2024-11-21T06:49:32.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA"}, {"criteria": "cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEE41A45-7244-4A96-9A22-3BF57F9B7560"}, {"criteria": "cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D"}, {"criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5"}, {"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4"}, {"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D"}, {"criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D"}, {"criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC"}, {"criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221"}, {"criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D"}, {"criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9"}, {"criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564"}, {"criteria": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "044039A3-2AC7-4685-B671-C9B9FFD4ED6E"}, {"criteria": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE2F2C6D-3F41-4C42-81E2-01A52AD035B8"}, {"criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208"}, {"criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07"}, {"criteria": "cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A639E025-B946-4A84-88B9-2E5E655711CF"}, {"criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A"}, {"criteria": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74C9E6FC-9C40-4105-9FB0-17013E1ABBB3"}, {"criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-r7_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93C10475-AE35-4134-BB87-45544A62C942"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "044039A3-2AC7-4685-B671-C9B9FFD4ED6E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-r8_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "477B6938-2314-487E-BB35-354B335AC642"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE2F2C6D-3F41-4C42-81E2-01A52AD035B8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68D895EC-B0A9-4292-AC64-60673F72C765"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a65_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE23799E-5B88-4631-B3D8-04BDB6A0795E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEE41A45-7244-4A96-9A22-3BF57F9B7560"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a65ae_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18E54F07-38EA-4CCC-8F59-855D9251F818"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AF7E5CA-95FF-4242-BD6E-8BDC185DA095"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38768B2B-F1A3-4A76-8716-9520CA075F3D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7173A6DC-4D4E-424C-A922-C16D67627834"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A891447-2F1D-48B4-AA47-3CB7EA4FDC7C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08CC4E5E-2794-4893-9B45-E14A3F4CF159"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6022C19-3C39-439E-AE6E-2319D831CF99"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "155A0C39-4D0A-4264-B392-46002908939C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96AB8C81-F441-4563-B5E0-B738DF4D1C50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30BECA7-C45A-423D-9200-98D51BE9C84C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D200C1F-1909-4952-824F-A2D279B9B37E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B749251-B873-4E37-BB5C-1D4C021205D3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse-e1_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2543729C-69F9-47C8-B5E4-87156BFFF32F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A639E025-B946-4A84-88B9-2E5E655711CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E32A1FF8-3A37-4D10-8DBB-3ECAA8A5F970"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4164A584-6F0D-4154-8FED-DC044CDE1FE7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74C9E6FC-9C40-4105-9FB0-17013E1ABBB3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B37176F-0AF4-4410-9C1F-4C5ED0051681"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}