{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*", "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEE41A45-7244-4A96-9A22-3BF57F9B7560", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*", "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*", "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*", "matchCriteriaId": "044039A3-2AC7-4685-B671-C9B9FFD4ED6E", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE2F2C6D-3F41-4C42-81E2-01A52AD035B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*", "matchCriteriaId": "A639E025-B946-4A84-88B9-2E5E655711CF", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*", "matchCriteriaId": "74C9E6FC-9C40-4105-9FB0-17013E1ABBB3", "vulnerable": false}, {"criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-r7_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "93C10475-AE35-4134-BB87-45544A62C942", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*", "matchCriteriaId": "044039A3-2AC7-4685-B671-C9B9FFD4ED6E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-r8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "477B6938-2314-487E-BB35-354B335AC642", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE2F2C6D-3F41-4C42-81E2-01A52AD035B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "68D895EC-B0A9-4292-AC64-60673F72C765", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*", "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a65_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE23799E-5B88-4631-B3D8-04BDB6A0795E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEE41A45-7244-4A96-9A22-3BF57F9B7560", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a65ae_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "18E54F07-38EA-4CCC-8F59-855D9251F818", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AF7E5CA-95FF-4242-BD6E-8BDC185DA095", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "38768B2B-F1A3-4A76-8716-9520CA075F3D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7173A6DC-4D4E-424C-A922-C16D67627834", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*", "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A891447-2F1D-48B4-AA47-3CB7EA4FDC7C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "08CC4E5E-2794-4893-9B45-E14A3F4CF159", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6022C19-3C39-439E-AE6E-2319D831CF99", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "155A0C39-4D0A-4264-B392-46002908939C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*", "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "96AB8C81-F441-4563-B5E0-B738DF4D1C50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E30BECA7-C45A-423D-9200-98D51BE9C84C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D200C1F-1909-4952-824F-A2D279B9B37E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B749251-B873-4E37-BB5C-1D4C021205D3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse-e1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2543729C-69F9-47C8-B5E4-87156BFFF32F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*", "matchCriteriaId": "A639E025-B946-4A84-88B9-2E5E655711CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E32A1FF8-3A37-4D10-8DBB-3ECAA8A5F970", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4164A584-6F0D-4154-8FED-DC044CDE1FE7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*", "matchCriteriaId": "74C9E6FC-9C40-4105-9FB0-17013E1ABBB3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B37176F-0AF4-4410-9C1F-4C5ED0051681", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information."}, {"lang": "es", "value": "Algunos procesadores Arm Cortex y Neoverse versiones hasta 08-03-2022 no restringen apropiadamente la especulaci\u00f3n de la cach\u00e9, tambi\u00e9n conocida como Spectre-BHB. Un atacante puede aprovechar el historial de bifurcaciones compartido en el Buffer del Historial de Bifurcaciones (BHB) para influir en las bifurcaciones predichas inapropiadamente. Entonces, la asignaci\u00f3n de la cach\u00e9 puede permitir al atacante obtener informaci\u00f3n confidencial"}], "id": "CVE-2022-23960", "lastModified": "2023-01-20T02:34:50.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-13T00:15:07.990", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/support/arm-security-updates"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5173"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}