CVE-2022-23960
MEDIUMArm Cortex and Neoverse <2022-03-08 - Info Disclosure
Title source: llmDescription
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
References (5)
Core 5
Core References
Mitigation, Patch, Vendor Advisory x_refsource_confirm
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
Vendor Advisory x_refsource_misc
https://developer.arm.com/support/arm-security-updates
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/03/18/2
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2022/dsa-5173
Scores
CVSS v3
5.6
EPSS
0.0023
EPSS Percentile
45.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
Status
published
Products (23)
arm/cortex-a57_firmware
arm/cortex-a65_firmware
arm/cortex-a65ae_firmware
arm/cortex-a710_firmware
arm/cortex-a72_firmware
arm/cortex-a73_firmware
arm/cortex-a75_firmware
arm/cortex-a76_firmware
arm/cortex-a76ae_firmware
arm/cortex-a77_firmware
... and 13 more
Published
Mar 13, 2022
Tracked Since
Feb 18, 2026