CVE-2022-25368

moderate-risk
Published 2022-03-10

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10 Medium
LOCAL / HIGH complexity

Affected Products (20)

Ampere Altra Max Firmware
Ampere Altra Firmware
Neoverse-E1 Firmware
Neoverse-V1 Firmware
Cortex-A57 Firmware
Cortex-A65 Firmware
Cortex-A65Ae Firmware
Cortex-A72 Firmware
Cortex-A73 Firmware
Cortex-A75 Firmware
Cortex-A76 Firmware
Cortex-A76Ae Firmware
Cortex-A77 Firmware
Cortex-A78 Firmware
Cortex-A78Ae Firmware
Cortex-A78C Firmware
Cortex-X1 Firmware
Cortex-X2 Firmware
Cortex-A710 Firmware

Affected Vendors

Arm Amperecomputing

References (6)

Vendor Advisory https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on...
Third Party Advisory https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
Patch https://developer.arm.com/support/arm-security-updates/speculative-processor-vul...
Vendor Advisory https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on...
Third Party Advisory https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
Patch https://developer.arm.com/support/arm-security-updates/speculative-processor-vul...
33
/ 100
moderate-risk
Severity 12/34 · Low
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate