cve-2022-23960
Vulnerability from cvelistv5
Published
2022-03-12 23:57
Modified
2024-08-03 03:59
Severity ?
Summary
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:59:23.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates"
          },
          {
            "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:10:34",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates"
        },
        {
          "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-23960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "name": "https://developer.arm.com/support/arm-security-updates",
              "refsource": "MISC",
              "url": "https://developer.arm.com/support/arm-security-updates"
            },
            {
              "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-23960",
    "datePublished": "2022-03-12T23:57:21",
    "dateReserved": "2022-01-26T00:00:00",
    "dateUpdated": "2024-08-03T03:59:23.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23960\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-03-13T00:15:07.990\",\"lastModified\":\"2024-11-21T06:49:32.247\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.\"},{\"lang\":\"es\",\"value\":\"Algunos procesadores Arm Cortex y Neoverse versiones hasta 08-03-2022 no restringen apropiadamente la especulaci\u00f3n de la cach\u00e9, tambi\u00e9n conocida como Spectre-BHB. Un atacante puede aprovechar el historial de bifurcaciones compartido en el Buffer del Historial de Bifurcaciones (BHB) para influir en las bifurcaciones predichas inapropiadamente. Entonces, la asignaci\u00f3n de la cach\u00e9 puede permitir al atacante obtener informaci\u00f3n confidencial\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFA1950D-1D9F-4401-AA86-CF3028EFD286\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B00CD88D-5649-403F-A55A-BD49427D30FA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE41A45-7244-4A96-9A22-3BF57F9B7560\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CEEC509-2A56-48F1-B388-3A8660D58FB5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E23102-964E-485D-8EFF-4B1BBFE6EDE4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33B1374D-59E8-4FE5-AC6C-0323AB1DD60D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C1DF922-1F46-41A6-A367-E56DD8C4163D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E4FCA77-71D3-495E-BA2A-2953369E5DCC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B08A239-BFC8-41EA-8A48-69F8DD7FC221\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDA3C472-D1E9-47B3-AFD0-BD274E3291F9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E376B2A-430D-4D1D-BC28-92CD7E1E8564\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"044039A3-2AC7-4685-B671-C9B9FFD4ED6E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE2F2C6D-3F41-4C42-81E2-01A52AD035B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC9F68C-7D65-4D29-AAA1-BA43228C6208\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D7FB822-DD26-402E-A413-EF55B6C01D07\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A639E025-B946-4A84-88B9-2E5E655711CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3F388EB-8A46-43E1-9AB1-5832FBB9262A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74C9E6FC-9C40-4105-9FB0-17013E1ABBB3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2F2936E-A611-472E-8EF0-F336A19DF578\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-r7_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93C10475-AE35-4134-BB87-45544A62C942\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"044039A3-2AC7-4685-B671-C9B9FFD4ED6E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-r8_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477B6938-2314-487E-BB35-354B335AC642\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE2F2C6D-3F41-4C42-81E2-01A52AD035B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68D895EC-B0A9-4292-AC64-60673F72C765\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B00CD88D-5649-403F-A55A-BD49427D30FA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a65_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE23799E-5B88-4631-B3D8-04BDB6A0795E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE41A45-7244-4A96-9A22-3BF57F9B7560\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a65ae_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18E54F07-38EA-4CCC-8F59-855D9251F818\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AF7E5CA-95FF-4242-BD6E-8BDC185DA095\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CEEC509-2A56-48F1-B388-3A8660D58FB5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38768B2B-F1A3-4A76-8716-9520CA075F3D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E23102-964E-485D-8EFF-4B1BBFE6EDE4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7173A6DC-4D4E-424C-A922-C16D67627834\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33B1374D-59E8-4FE5-AC6C-0323AB1DD60D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A891447-2F1D-48B4-AA47-3CB7EA4FDC7C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C1DF922-1F46-41A6-A367-E56DD8C4163D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08CC4E5E-2794-4893-9B45-E14A3F4CF159\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E4FCA77-71D3-495E-BA2A-2953369E5DCC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6022C19-3C39-439E-AE6E-2319D831CF99\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B08A239-BFC8-41EA-8A48-69F8DD7FC221\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155A0C39-4D0A-4264-B392-46002908939C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96AB8C81-F441-4563-B5E0-B738DF4D1C50\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDA3C472-D1E9-47B3-AFD0-BD274E3291F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30BECA7-C45A-423D-9200-98D51BE9C84C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E376B2A-430D-4D1D-BC28-92CD7E1E8564\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D200C1F-1909-4952-824F-A2D279B9B37E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC9F68C-7D65-4D29-AAA1-BA43228C6208\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B749251-B873-4E37-BB5C-1D4C021205D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D7FB822-DD26-402E-A413-EF55B6C01D07\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:neoverse-e1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2543729C-69F9-47C8-B5E4-87156BFFF32F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A639E025-B946-4A84-88B9-2E5E655711CF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E32A1FF8-3A37-4D10-8DBB-3ECAA8A5F970\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3F388EB-8A46-43E1-9AB1-5832FBB9262A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4164A584-6F0D-4154-8FED-DC044CDE1FE7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74C9E6FC-9C40-4105-9FB0-17013E1ABBB3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B37176F-0AF4-4410-9C1F-4C5ED0051681\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2F2936E-A611-472E-8EF0-F336A19DF578\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/03/18/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://developer.arm.com/support/arm-security-updates\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5173\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/03/18/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://developer.arm.com/support/arm-security-updates\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.