{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-3006", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T06:41:04.104Z", "dateReserved": "2023-05-31T00:00:00", "datePublished": "2023-05-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-05-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible."}], "affected": [{"vendor": "n/a", "product": "Kernel", "versions": [{"version": "Linux Kernel 6.1-rc1", "status": "affected"}]}], "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?id=0e5d5ae837c8"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-226", "cweId": "CWE-226"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:41:04.104Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?id=0e5d5ae837c8", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible."}], "id": "CVE-2023-3006", "lastModified": "2023-06-08T02:38:11.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-31T20:15:11.127", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?id=0e5d5ae837c8"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-226"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3462", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.105.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:3462", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.105.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-05-29T00:00:00Z"}], "bugzilla": {"description": "RHEL: Add Spectre-BHB mitigation for AmpereOne", "id": "2141026", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141026"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-226", "details": ["A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible.", "A known cache speculation vulnerability, the Branch History Injection (BHI) or Spectre-BHB, was found in new hw (that are cores Cortex: A57, A72, A76, A77, A78, A78AE, A78C, A710, X1, X2; Neoverse: N1, N2, V1; Ampere1). Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to information disclosure."], "mitigation": {"lang": "en:us", "value": "Disabling unprivileged eBPF effectively mitigates the known attack vectors for exploiting intra-mode branch injections attacks.\nThe default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl.\nFor the Red Hat Enterprise Linux 7, the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw."}, "name": "CVE-2023-3006", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-11-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3006\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3006\nhttps://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?id=0e5d5ae837c8"], "statement": "The current known mechanisms to exploit this issue rely on unprivileged eBPF functionality. Unprivileged eBPF is disabled by default on Red Hat Enterprise Linux.", "threat_severity": "Moderate", "upstream_fix": "Linux Kernel 6.1-rc1"}