CVE-2022-23960

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
OR cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:arm:cortex-r7_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:arm:cortex-r8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:arm:cortex-a65_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:arm:cortex-a65ae_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:arm:neoverse-e1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*

Configuration 22 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2022/03/18/2 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/03/18/2 - Mailing List, Patch, Third Party Advisory
References () https://developer.arm.com/support/arm-security-updates - Vendor Advisory () https://developer.arm.com/support/arm-security-updates - Vendor Advisory
References () https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability - Mitigation, Patch, Vendor Advisory () https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability - Mitigation, Patch, Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html - Mailing List, Third Party Advisory
References () https://www.debian.org/security/2022/dsa-5173 - Third Party Advisory () https://www.debian.org/security/2022/dsa-5173 - Third Party Advisory

Information

Published : 2022-03-13 00:15

Updated : 2024-11-21 06:49


NVD link : CVE-2022-23960

Mitre link : CVE-2022-23960

CVE.ORG link : CVE-2022-23960


JSON object : View

Products Affected

arm

  • cortex-a710
  • cortex-a75_firmware
  • cortex-a75
  • cortex-x1_firmware
  • cortex-a78
  • cortex-a77_firmware
  • cortex-r8_firmware
  • cortex-a78ae_firmware
  • neoverse_n2_firmware
  • cortex-r7_firmware
  • cortex-a76ae_firmware
  • cortex-x2_firmware
  • neoverse-v1_firmware
  • cortex-a76
  • cortex-a57
  • cortex-a73_firmware
  • cortex-a65ae_firmware
  • neoverse-e1_firmware
  • neoverse-v1
  • cortex-a710_firmware
  • cortex-r7
  • cortex-a78_firmware
  • cortex-a72
  • cortex-a65ae
  • cortex-a65
  • cortex-a76_firmware
  • cortex-x1
  • cortex-a78ae
  • cortex-a72_firmware
  • cortex-a77
  • cortex-x2
  • neoverse-e1
  • cortex-a65_firmware
  • neoverse_n1
  • neoverse_n2
  • neoverse_n1_firmware
  • cortex-r8
  • cortex-a76ae
  • cortex-a73
  • cortex-a57_firmware

xen

  • xen

debian

  • debian_linux