Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-48251 | 1 Arm | 20 Cortex-a53, Cortex-a53 Firmware, Cortex-a55 and 17 more | 2024-11-21 | N/A | 7.5 HIGH |
The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture." | |||||
CVE-2022-25368 | 2 Amperecomputing, Arm | 44 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 41 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. | |||||
CVE-2022-23960 | 3 Arm, Debian, Xen | 42 Cortex-a57, Cortex-a57 Firmware, Cortex-a65 and 39 more | 2024-11-21 | 1.9 LOW | 5.6 MEDIUM |
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. | |||||
CVE-2020-13844 | 2 Arm, Opensuse | 15 Cortex-a32, Cortex-a32 Firmware, Cortex-a34 and 12 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." | |||||
CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |