Vulnerability CVE-2022-23960

Vulnerability Name:

CVE-2022-23960 (CCN-221218)

Assigned:

2022-03-08

Published:

2022-03-08

Updated:

2023-01-20

Summary:

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.

CVSS v3 Severity:

5.6 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

4.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

4.7 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.1 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.8 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-23960

Source: cve@mitre.org
Type: Mailing List, Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Xen Security Advisory XSA-398
Multiple speculative security issues

Source: cve@mitre.org
Type: Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mitigation, Patch, Vendor Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
xen-cve202223960-info-disc(221218)

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8029	P	kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8090	P	reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7437	P	arm-trusted-firmware-2.6-150400.4.7 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7539	P	kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20227683	P	RHSA-2022:7683: kernel security, bug fix, and enhancement update (Moderate)	2022-11-08
oval:org.opensuse.security:def:3453	P	clamav-0.101.3-1.19 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3567	P	libXtst6-1.2.2-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3398	P	wpa_supplicant-2.6-15.10.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3448	P	busybox-1.21.1-3.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94590	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2865	P	arm-trusted-firmware-2.6-150400.4.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95197	P	kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95028	P	kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2960	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95078	P	reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94495	P	arm-trusted-firmware-2.6-150400.4.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95083	P	kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:6034	P	Security update for the Linux Kernel (Important)	2022-05-12
oval:org.opensuse.security:def:5220	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:6009	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:4294	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:4573	P	Security update for the Linux Kernel (Important)	2022-04-14
oval:org.opensuse.security:def:6327	P	Security update for the Linux Kernel (Important)	2022-04-14

BACK