#VU65007 Processor optimization removal or modification of security-critical code in ARM products


Vulnerability identifier: #VU65007

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23960

CWE-ID: CWE-1037

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cortex-R7
Hardware solutions / Firmware
Cortex-R8
Hardware solutions / Firmware
Cortex-A57
Hardware solutions / Firmware
Cortex-A65
Hardware solutions / Firmware
Cortex-A65AE
Hardware solutions / Firmware
Cortex-A72
Hardware solutions / Firmware
Cortex-A73
Hardware solutions / Firmware
Cortex-A75
Hardware solutions / Firmware
Cortex-A76
Hardware solutions / Firmware
Cortex-A77
Hardware solutions / Firmware
Cortex-A78
Hardware solutions / Firmware
Cortex-A78AE
Hardware solutions / Firmware
Cortex-A710
Hardware solutions / Firmware
Neoverse-E1
Hardware solutions / Firmware
Neoverse-N1
Hardware solutions / Firmware
Neoverse-V1
Hardware solutions / Firmware
Neoverse-N2
Hardware solutions / Firmware
Cortex-X1
Hardware solutions / Firmware
Cortex-X2
Hardware solutions / Firmware

Vendor: ARM

Description

The vulnerability allows a local user to obtain potentially sensitive information.

The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.

The vulnerability was dubbed Spectre-BHB.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cortex-R7: All versions

Cortex-R8: All versions

Cortex-A57: All versions

Cortex-A65: All versions

Cortex-A65AE: All versions

Cortex-A72: All versions

Cortex-A73: All versions

Cortex-A75: All versions

Cortex-A76: All versions

Cortex-A77: All versions

Cortex-A78: All versions

Cortex-A78AE: All versions

Cortex-A710: All versions

Neoverse-E1: All versions

Neoverse-N1: All versions

Neoverse-V1: All versions

Neoverse-N2: All versions

Cortex-X1: All versions

Cortex-X2: All versions

External links
http://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
http://developer.arm.com/support/arm-security-updates
http://www.openwall.com/lists/oss-security/2022/03/18/2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Amazon Linux AMI update for kernel
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13
Multiple vulnerabilities in OpenShift Container Platform 4.14
Red Hat Enterprise Linux 8.6 Extended Update Support update for kernel
Spectre-BHB vulnerability in Trusted Firmware-A
Multiple vulnerabilities in Google Android
Multiple vulnerabilities in Dell VxRail Appliance components
Multiple vulnerabilities in OpenShift Logging 5.5
Multiple vulnerabilities in Openshift Logging 5.3
Multiple vulnerabilities in Google Android