CVE-2022-25368
MEDIUMAmpere Altra Max Firmware - Information Disclosure via Spectre BHB
Title source: llmDescription
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html
Third Party Advisory, VDB Entry x_refsource_confirm
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
Patch, Technical Description, Vendor Advisory x_refsource_misc
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
Scores
CVSS v3
4.7
EPSS
0.0027
EPSS Percentile
50.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (22)
amperecomputing/ampere_altra_firmware
amperecomputing/ampere_altra_max_firmware
arm/cortex-a15_firmware
arm/cortex-a57_firmware
arm/cortex-a65_firmware
arm/cortex-a65ae_firmware
arm/cortex-a710_firmware
arm/cortex-a72_firmware
arm/cortex-a73_firmware
arm/cortex-a75_firmware
... and 12 more
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026