Home > Vulnerability Database > CVE-2022-23960

Mend.io Vulnerability Database

CVE-2022-23960

Date: March 12, 2022

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.

Severity Score

5.6

Related Resources (11)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23960

Url: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

Url: https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Url: https://access.redhat.com/security/cve/CVE-2022-23960

Url: https://security-tracker.debian.org/tracker/CVE-2022-23960

Url: https://developer.arm.com/support/arm-security-updates

Url: https://www.debian.org/security/2022/dsa-5173

Url: http://www.openwall.com/lists/oss-security/2022/03/18/2

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-23960

Url: https://security.alpinelinux.org/vuln/CVE-2022-23960

Url: https://www.mend.io/vulnerability-database/CVE-2022-23960

Severity Score

5.6

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	1.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23960

Date: March 12, 2022

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?