CVE-2022-25368
Summary
| CVE | CVE-2022-25368 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-10 17:47:00 UTC |
| Updated | 2022-03-16 03:40:00 UTC |
| Description | Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Amperecomputing | Ampere Altra | - | All | All | All |
| Operating System | Amperecomputing | Ampere Altra Firmware | - | All | All | All |
| Hardware | Amperecomputing | Ampere Altra Max | - | All | All | All |
| Operating System | Amperecomputing | Ampere Altra Max Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a15 | - | All | All | All |
| Operating System | Arm | Cortex-a15 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a57 | - | All | All | All |
| Operating System | Arm | Cortex-a57 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a65 | - | All | All | All |
| Hardware | Arm | Cortex-a65ae | - | All | All | All |
| Operating System | Arm | Cortex-a65ae Firmware | - | All | All | All |
| Operating System | Arm | Cortex-a65 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a710 | - | All | All | All |
| Operating System | Arm | Cortex-a710 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a72 | - | All | All | All |
| Operating System | Arm | Cortex-a72 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a73 | - | All | All | All |
| Operating System | Arm | Cortex-a73 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a75 | - | All | All | All |
| Operating System | Arm | Cortex-a75 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a76 | - | All | All | All |
| Hardware | Arm | Cortex-a76ae | - | All | All | All |
| Operating System | Arm | Cortex-a76ae Firmware | - | All | All | All |
| Operating System | Arm | Cortex-a76 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a77 | - | All | All | All |
| Operating System | Arm | Cortex-a77 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a78 | - | All | All | All |
| Hardware | Arm | Cortex-a78ae | - | All | All | All |
| Operating System | Arm | Cortex-a78ae Firmware | - | All | All | All |
| Hardware | Arm | Cortex-a78c | - | All | All | All |
| Operating System | Arm | Cortex-a78c Firmware | - | All | All | All |
| Operating System | Arm | Cortex-a78 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-x1 | - | All | All | All |
| Operating System | Arm | Cortex-x1 Firmware | - | All | All | All |
| Hardware | Arm | Cortex-x2 | - | All | All | All |
| Operating System | Arm | Cortex-x2 Firmware | - | All | All | All |
| Hardware | Arm | Neoverse-e1 | - | All | All | All |
| Operating System | Arm | Neoverse-e1 Firmware | - | All | All | All |
| Hardware | Arm | Neoverse-v1 | - | All | All | All |
| Operating System | Arm | Neoverse-v1 Firmware | - | All | All | All |
| Hardware | Arm | Neoverse N1 | - | All | All | All |
| Operating System | Arm | Neoverse N1 Firmware | - | All | All | All |
| Hardware | Arm | Neoverse N2 | - | All | All | All |
| Operating System | Arm | Neoverse N2 Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Impact of Spectre BHB on Ampere | MISC | amperecomputing.com | |
| CVE - CVE-2022-23960 | CONFIRM | cve.mitre.org | |
| Speculative Processor Vulnerability | Spectre-BHB – Arm Developer | MISC | developer.arm.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.