CVE-2022-25368

MEDIUM

Spectre BHB - Info Disclosure

Title source: llm

Description

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.

References (3)

[Vendor Advisory] https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html

[Third Party Advisory, VDB Entry] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960

[Patch, Technical Description, Vendor Advisory] https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb

Scores

CVSS v3 4.7

EPSS 0.0027

EPSS Percentile 50.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

Status published

Affected Products (22)

amperecomputing/ampere_altra_max_firmware

amperecomputing/ampere_altra_firmware

arm/neoverse-e1_firmware

arm/neoverse-v1_firmware

arm/cortex-a57_firmware

arm/cortex-a65_firmware

arm/cortex-a65ae_firmware

arm/cortex-a72_firmware

arm/cortex-a73_firmware

arm/cortex-a75_firmware

arm/cortex-a76_firmware

arm/cortex-a76ae_firmware

arm/cortex-a77_firmware

arm/cortex-a78_firmware

arm/cortex-a78ae_firmware

... and 7 more

Timeline

Published Mar 10, 2022

Tracked Since Feb 18, 2026