Vulnerability CVE-2022-25368 - CERT Civis.Net

Vulnerability Name:

CVE-2022-25368 (CCN-221352)

Assigned:

2022-03-08

Published:

2022-03-08

Updated:

2022-03-16

Summary:

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.

CVSS v3 Severity:

4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-25368

Source: CCN
Type: AMP-SB-0001
Impact of Spectre BHB on Ampere

Source: MISC
Type: Vendor Advisory
https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html

Source: CONFIRM
Type: Third Party Advisory, VDB Entry
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960

Source: CCN
Type: Arm Developer Web site
Spectre-BHB

Source: MISC
Type: Patch, Technical Description, Vendor Advisory
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb

Source: XF
Type: UNKNOWN
arm-cve202225368-info-disc(221352)

Vulnerable Configuration:

Configuration 1:

cpe:/o:amperecomputing:ampere_altra_max_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:amperecomputing:ampere_altra_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:arm:neoverse-e1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:neoverse-e1:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:neoverse-v1:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a57:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:arm:cortex-a65_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a65:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/o:arm:cortex-a65ae_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a65ae:-:*:*:*:*:*:*:*

Configuration 8:

cpe:/o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a72:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a73:-:*:*:*:*:*:*:*

Configuration 10:

cpe:/o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a75:-:*:*:*:*:*:*:*

Configuration 11:

cpe:/o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a76:-:*:*:*:*:*:*:*

Configuration 12:

cpe:/o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a76ae:-:*:*:*:*:*:*:*

Configuration 13:

cpe:/o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a77:-:*:*:*:*:*:*:*

Configuration 14:

cpe:/o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a78:-:*:*:*:*:*:*:*

Configuration 15:

cpe:/o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a78ae:-:*:*:*:*:*:*:*

Configuration 16:

cpe:/o:arm:cortex-a78c_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a78c:-:*:*:*:*:*:*:*

Configuration 17:

cpe:/o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-x1:-:*:*:*:*:*:*:*

Configuration 18:

cpe:/o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-x2:-:*:*:*:*:*:*:*

Configuration 19:

cpe:/o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a710:-:*:*:*:*:*:*:*

Configuration 20:

cpe:/o:arm:cortex-a15_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:cortex-a15:-:*:*:*:*:*:*:*

Configuration 21:

cpe:/o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:neoverse_n1:-:*:*:*:*:*:*:*

Configuration 22:

cpe:/o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:arm:neoverse_n2:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/h:arm:cortex-a:15:*:*:*:*:*:*:*

OR cpe:/h:arm:cortex-a:57:*:*:*:*:*:*:*

OR cpe:/h:arm:cortex-a:72:*:*:*:*:*:*:*

OR cpe:/h:arm:cortex-a:73:*:*:*:*:*:*:*

OR cpe:/h:arm:cortex-a:75:*:*:*:*:*:*:*

OR cpe:/h:arm:cortex-a:76:*:*:*:*:*:*:*

OR cpe:/h:arm:cortex-a77:-:*:*:*:*:*:*:*

OR cpe:/h:arm:cortex-a78:-:*:*:*:*:*:*:*

OR cpe:/h:arm:cortex-a78ae:-:*:*:*:*:*:*:*

OR cpe:/h:arm:cortex-x1:-:*:*:*:*:*:*:*

Denotes that component is vulnerable