Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2022-23960

Disclosure Date: March 13, 2022
CVE-2022-23960 CVSS v3 Base Score: 5.6
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.6 Medium
Impact Score:
4
Exploitability Score:
1.1
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • arm,
  • debian,
  • xen

Products

  • cortex-a57 firmware -,
  • cortex-a65 firmware -,
  • cortex-a65ae firmware -,
  • cortex-a710 firmware -,
  • cortex-a72 firmware -,
  • cortex-a73 firmware -,
  • cortex-a75 firmware -,
  • cortex-a76 firmware -,
  • cortex-a76ae firmware -,
  • cortex-a77 firmware -,
  • cortex-a78 firmware -,
  • cortex-a78ae firmware -,
  • cortex-r7 firmware -,
  • cortex-r8 firmware -,
  • cortex-x1 firmware -,
  • cortex-x2 firmware -,
  • debian linux 10.0,
  • debian linux 9.0,
  • neoverse n1 firmware -,
  • neoverse n2 firmware -,
  • neoverse-e1 firmware -,
  • neoverse-v1 firmware -,
  • xen -
Technical Analysis