CVE-2022-23960
Published Mar 13, 2022
Last updated 2 years ago
Overview
- Description
- Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.6
- Impact score
- 4
- Exploitability score
- 1.1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 1.9
- Impact score
- 2.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AEE41A45-7244-4A96-9A22-3BF57F9B7560"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9"
},
{
"criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564"
},
{
"criteria": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "044039A3-2AC7-4685-B671-C9B9FFD4ED6E"
},
{
"criteria": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AE2F2C6D-3F41-4C42-81E2-01A52AD035B8"
},
{
"criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208"
},
{
"criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07"
},
{
"criteria": "cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A639E025-B946-4A84-88B9-2E5E655711CF"
},
{
"criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A"
},
{
"criteria": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "74C9E6FC-9C40-4105-9FB0-17013E1ABBB3"
},
{
"criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-r7_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93C10475-AE35-4134-BB87-45544A62C942"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "044039A3-2AC7-4685-B671-C9B9FFD4ED6E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-r8_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "477B6938-2314-487E-BB35-354B335AC642"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AE2F2C6D-3F41-4C42-81E2-01A52AD035B8"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68D895EC-B0A9-4292-AC64-60673F72C765"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a65_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE23799E-5B88-4631-B3D8-04BDB6A0795E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AEE41A45-7244-4A96-9A22-3BF57F9B7560"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a65ae_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18E54F07-38EA-4CCC-8F59-855D9251F818"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AF7E5CA-95FF-4242-BD6E-8BDC185DA095"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38768B2B-F1A3-4A76-8716-9520CA075F3D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7173A6DC-4D4E-424C-A922-C16D67627834"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A891447-2F1D-48B4-AA47-3CB7EA4FDC7C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08CC4E5E-2794-4893-9B45-E14A3F4CF159"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6022C19-3C39-439E-AE6E-2319D831CF99"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "155A0C39-4D0A-4264-B392-46002908939C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96AB8C81-F441-4563-B5E0-B738DF4D1C50"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E30BECA7-C45A-423D-9200-98D51BE9C84C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D200C1F-1909-4952-824F-A2D279B9B37E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B749251-B873-4E37-BB5C-1D4C021205D3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:neoverse-e1_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2543729C-69F9-47C8-B5E4-87156BFFF32F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A639E025-B946-4A84-88B9-2E5E655711CF"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E32A1FF8-3A37-4D10-8DBB-3ECAA8A5F970"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4164A584-6F0D-4154-8FED-DC044CDE1FE7"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "74C9E6FC-9C40-4105-9FB0-17013E1ABBB3"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B37176F-0AF4-4410-9C1F-4C5ED0051681"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
}
]