Bug 1197000 (CVE-2022-25368) - VUL-1: CVE-2022-25368: Ampere: Spectre BHB attack
Summary: VUL-1: CVE-2022-25368: Ampere: Spectre BHB attack
Status: RESOLVED FIXED
Alias: CVE-2022-25368
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: aarch64 All
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/325839/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-25368:4.7:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-11 09:08 UTC by Marcus Meissner
Modified: 2024-06-12 11:59 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2022-03-11 09:08:47 UTC 
CVE-2022-25368

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared
branch history (stored in the CPU BHB) to influence mispredicted branches in the
victim's hardware context. Speculation caused by these mispredicted branches can
then potentially be used to cause cache allocation, which can then be used to
infer information that should be protected.

https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
Comment 2 Matthias Brugger 2022-04-25 15:16:58 UTC 
partner communicates that there are no additional kernel fixes needed.
Comment 3 Gabriele Sonnu 2024-06-12 11:59:38 UTC 
All done, closing.