First published: Tue Mar 08 2022
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <0:4.18.0-425.3.1.el8 | 0:4.18.0-425.3.1.el8 |
Xen Xen | ||
Arm Cortex-a57 | ||
Arm Cortex-a65 | ||
Google Android | ||
Google Android | ||
Arm Cortex-a72 | ||
Arm Cortex-a73 | ||
Arm Cortex-a75 | ||
Arm Cortex-a76 | ||
Google Android | ||
Arm Cortex-a77 | ||
Arm Cortex-a78 | ||
Arm Cortex-a78ae | ||
Arm Cortex-r7 | ||
Arm Cortex-r8 | ||
Arm Cortex-x1 | ||
Google Android | ||
Arm Neoverse-e1 | ||
Google Android | ||
Arm Neoverse N1 | ||
Arm Neoverse N2 | ||
Arm Cortex-r7 Firmware | ||
Arm Cortex-r8 Firmware | ||
Arm Cortex-a57 Firmware | ||
Google Android | ||
Arm Cortex-a65ae Firmware | ||
Arm Cortex-a710 Firmware | ||
Arm Cortex-a72 Firmware | ||
Arm Cortex-a73 Firmware | ||
Arm Cortex-a75 Firmware | ||
Arm Cortex-a76 Firmware | ||
Google Android | ||
Arm Cortex-a77 Firmware | ||
Arm Cortex-a78 Firmware | ||
Arm Cortex-a78ae Firmware | ||
Arm Cortex-x1 Firmware | ||
Google Android | ||
Google Android | ||
Google Android | ||
Arm Neoverse N1 Firmware | ||
Arm Neoverse N2 Firmware | ||
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
All of | ||
Xen Xen | ||
Any of | ||
Arm Cortex-a57 | ||
Arm Cortex-a65 | ||
Google Android | ||
Google Android | ||
Arm Cortex-a72 | ||
Arm Cortex-a73 | ||
Arm Cortex-a75 | ||
Arm Cortex-a76 | ||
Google Android | ||
Arm Cortex-a77 | ||
Arm Cortex-a78 | ||
Arm Cortex-a78ae | ||
Arm Cortex-r7 | ||
Arm Cortex-r8 | ||
Arm Cortex-x1 | ||
Google Android | ||
Arm Neoverse-e1 | ||
Google Android | ||
Arm Neoverse N1 | ||
Arm Neoverse N2 | ||
All of | ||
Arm Cortex-r7 Firmware | ||
Arm Cortex-r7 | ||
All of | ||
Arm Cortex-r8 Firmware | ||
Arm Cortex-r8 | ||
All of | ||
Arm Cortex-a57 Firmware | ||
Arm Cortex-a57 | ||
All of | ||
Google Android | ||
Arm Cortex-a65 | ||
All of | ||
Arm Cortex-a65ae Firmware | ||
Google Android | ||
All of | ||
Arm Cortex-a710 Firmware | ||
Google Android | ||
All of | ||
Arm Cortex-a72 Firmware | ||
Arm Cortex-a72 | ||
All of | ||
Arm Cortex-a73 Firmware | ||
Arm Cortex-a73 | ||
All of | ||
Arm Cortex-a75 Firmware | ||
Arm Cortex-a75 | ||
All of | ||
Arm Cortex-a76 Firmware | ||
Arm Cortex-a76 | ||
All of | ||
Google Android | ||
Google Android | ||
All of | ||
Arm Cortex-a77 Firmware | ||
Arm Cortex-a77 | ||
All of | ||
Arm Cortex-a78 Firmware | ||
Arm Cortex-a78 | ||
All of | ||
Arm Cortex-a78ae Firmware | ||
Arm Cortex-a78ae | ||
All of | ||
Arm Cortex-x1 Firmware | ||
Arm Cortex-x1 | ||
All of | ||
Google Android | ||
Google Android | ||
All of | ||
Google Android | ||
Arm Neoverse-e1 | ||
All of | ||
Google Android | ||
Google Android | ||
All of | ||
Arm Neoverse N1 Firmware | ||
Arm Neoverse N1 | ||
All of | ||
Arm Neoverse N2 Firmware | ||
Arm Neoverse N2 | ||
Google Android | ||
ubuntu/linux | <4.15.0-184.194 | 4.15.0-184.194 |
ubuntu/linux | <5.4.0-117.132 | 5.4.0-117.132 |
ubuntu/linux | <5.13.0-35.40 | 5.13.0-35.40 |
ubuntu/linux | <5.17~ | 5.17~ |
ubuntu/linux-aws | <4.15.0-1133.143 | 4.15.0-1133.143 |
ubuntu/linux-aws | <5.4.0-1078.84 | 5.4.0-1078.84 |
ubuntu/linux-aws | <5.13.0-1017.19 | 5.13.0-1017.19 |
ubuntu/linux-aws | <5.17~ | 5.17~ |
ubuntu/linux-aws-5.0 | <5.17~ | 5.17~ |
ubuntu/linux-aws-5.11 | <5.17~ | 5.17~ |
ubuntu/linux-aws-5.13 | <5.13.0-1017.19~20.04.1 | 5.13.0-1017.19~20.04.1 |
ubuntu/linux-aws-5.13 | <5.17~ | 5.17~ |
ubuntu/linux-aws-5.15 | <5.17~ | 5.17~ |
ubuntu/linux-aws-5.3 | <5.17~ | 5.17~ |
ubuntu/linux-aws-5.4 | <5.4.0-1078.84~18.04.1 | 5.4.0-1078.84~18.04.1 |
ubuntu/linux-aws-5.4 | <5.17~ | 5.17~ |
ubuntu/linux-aws-5.8 | <5.17~ | 5.17~ |
ubuntu/linux-aws-hwe | <5.17~ | 5.17~ |
ubuntu/linux-aws-hwe | <4.15.0-1133.143~16.04.1 | 4.15.0-1133.143~16.04.1 |
ubuntu/linux-azure | <5.4.0-1083.87 | 5.4.0-1083.87 |
ubuntu/linux-azure | <5.13.0-1017.19 | 5.13.0-1017.19 |
ubuntu/linux-azure | <4.15.0-1142.156~14.04.1 | 4.15.0-1142.156~14.04.1 |
ubuntu/linux-azure | <5.17~ | 5.17~ |
ubuntu/linux-azure | <4.15.0-1142.156~16.04.1 | 4.15.0-1142.156~16.04.1 |
ubuntu/linux-azure-4.15 | <4.15.0-1142.156 | 4.15.0-1142.156 |
ubuntu/linux-azure-4.15 | <5.17~ | 5.17~ |
ubuntu/linux-azure-5.11 | <5.17~ | 5.17~ |
ubuntu/linux-azure-5.13 | <5.13.0-1017.19~20.04.1 | 5.13.0-1017.19~20.04.1 |
ubuntu/linux-azure-5.13 | <5.17~ | 5.17~ |
ubuntu/linux-azure-5.15 | <5.17~ | 5.17~ |
ubuntu/linux-azure-5.3 | <5.17~ | 5.17~ |
ubuntu/linux-azure-5.4 | <5.4.0-1083.87~18.04.1 | 5.4.0-1083.87~18.04.1 |
ubuntu/linux-azure-5.4 | <5.17~ | 5.17~ |
ubuntu/linux-azure-edge | <5.17~ | 5.17~ |
ubuntu/linux-azure-fde | <5.4.0-1083.87 | 5.4.0-1083.87 |
ubuntu/linux-azure-fde | <5.15.0-1002.3 | 5.15.0-1002.3 |
ubuntu/linux-azure-fde | <5.17~ | 5.17~ |
ubuntu/linux-azure-fde-5.15 | <5.17~ | 5.17~ |
ubuntu/linux-bluefield | <5.4.0-1040.44 | 5.4.0-1040.44 |
ubuntu/linux-bluefield | <5.17~ | 5.17~ |
ubuntu/linux-dell300x | <4.15.0-1047.52 | 4.15.0-1047.52 |
ubuntu/linux-dell300x | <5.17~ | 5.17~ |
ubuntu/linux-fips | <5.17~ | 5.17~ |
ubuntu/linux-gcp-5.15 | <5.17~ | 5.17~ |
ubuntu/linux-gke-5.15 | <5.17~ | 5.17~ |
ubuntu/linux-hwe | <5.17~ | 5.17~ |
ubuntu/linux-hwe | <4.15.0-184.194~16.04.1 | 4.15.0-184.194~16.04.1 |
ubuntu/linux-hwe-5.11 | <5.17~ | 5.17~ |
ubuntu/linux-hwe-5.13 | <5.13.0-35.40~20.04.1 | 5.13.0-35.40~20.04.1 |
ubuntu/linux-hwe-5.13 | <5.17~ | 5.17~ |
ubuntu/linux-hwe-5.15 | <5.17~ | 5.17~ |
ubuntu/linux-hwe-5.4 | <5.4.0-117.132~18.04.1 | 5.4.0-117.132~18.04.1 |
ubuntu/linux-hwe-5.4 | <5.17~ | 5.17~ |
ubuntu/linux-hwe-5.8 | <5.17~ | 5.17~ |
ubuntu/linux-hwe-edge | <5.17~ | 5.17~ |
ubuntu/linux-ibm | <5.4.0-1026.29 | 5.4.0-1026.29 |
ubuntu/linux-ibm | <5.17~ | 5.17~ |
ubuntu/linux-ibm-5.4 | <5.4.0-1028.32~18.04.1 | 5.4.0-1028.32~18.04.1 |
ubuntu/linux-ibm-5.4 | <5.17~ | 5.17~ |
ubuntu/linux-intel-5.13 | <5.13.0-1010.10 | 5.13.0-1010.10 |
ubuntu/linux-intel-5.13 | <5.17~ | 5.17~ |
ubuntu/linux-intel-iotg | <5.17~ | 5.17~ |
ubuntu/linux-intel-iotg-5.15 | <5.15.0-1008.11~20.04.1 | 5.15.0-1008.11~20.04.1 |
ubuntu/linux-intel-iotg-5.15 | <5.17~ | 5.17~ |
ubuntu/linux-kvm | <4.15.0-1119.123 | 4.15.0-1119.123 |
ubuntu/linux-kvm | <5.4.0-1068.72 | 5.4.0-1068.72 |
ubuntu/linux-kvm | <5.13.0-1016.17 | 5.13.0-1016.17 |
ubuntu/linux-kvm | <5.17~ | 5.17~ |
ubuntu/linux-lowlatency | <5.17~ | 5.17~ |
ubuntu/linux-lowlatency-hwe-5.15 | <5.17~ | 5.17~ |
ubuntu/linux-lts-xenial | <5.17~ | 5.17~ |
ubuntu/linux-oem | <5.17~ | 5.17~ |
ubuntu/linux-oem-5.10 | <5.17~ | 5.17~ |
ubuntu/linux-oem-5.13 | <5.17~ | 5.17~ |
ubuntu/linux-oem-5.14 | <5.14.0-1033.36 | 5.14.0-1033.36 |
ubuntu/linux-oem-5.17 | <5.17~ | 5.17~ |
ubuntu/linux-oem-5.6 | <5.17~ | 5.17~ |
ubuntu/linux-oem-6.0 | <5.17~ | 5.17~ |
ubuntu/linux-oem-6.1 | <5.17~ | 5.17~ |
ubuntu/linux-oem-osp1 | <5.17~ | 5.17~ |
ubuntu/linux-oracle | <4.15.0-1098.108 | 4.15.0-1098.108 |
ubuntu/linux-oracle | <5.4.0-1076.83 | 5.4.0-1076.83 |
ubuntu/linux-oracle | <5.13.0-1021.26 | 5.13.0-1021.26 |
ubuntu/linux-oracle | <5.17~ | 5.17~ |
ubuntu/linux-oracle | <4.15.0-1098.108~16.04.1 | 4.15.0-1098.108~16.04.1 |
ubuntu/linux-oracle-5.0 | <5.17~ | 5.17~ |
ubuntu/linux-oracle-5.11 | <5.17~ | 5.17~ |
ubuntu/linux-oracle-5.13 | <5.13.0-1021.26~20.04.1 | 5.13.0-1021.26~20.04.1 |
ubuntu/linux-oracle-5.13 | <5.17~ | 5.17~ |
ubuntu/linux-oracle-5.15 | <5.17~ | 5.17~ |
ubuntu/linux-oracle-5.3 | <5.17~ | 5.17~ |
ubuntu/linux-oracle-5.4 | <5.4.0-1076.83~18.04.1 | 5.4.0-1076.83~18.04.1 |
ubuntu/linux-raspi | <5.4.0-1065.75 | 5.4.0-1065.75 |
ubuntu/linux-raspi | <5.13.0-1020.22 | 5.13.0-1020.22 |
ubuntu/linux-raspi | <5.17~ | 5.17~ |
ubuntu/linux-raspi-5.4 | <5.4.0-1065.75~18.04.1 | 5.4.0-1065.75~18.04.1 |
ubuntu/linux-raspi-5.4 | <5.17~ | 5.17~ |
ubuntu/linux-raspi2 | <4.15.0-1114.122 | 4.15.0-1114.122 |
ubuntu/linux-raspi2 | <5.17~ | 5.17~ |
ubuntu/linux-raspi2-5.3 | <5.17~ | 5.17~ |
ubuntu/linux-riscv | <5.17~ | 5.17~ |
ubuntu/linux-riscv-5.11 | <5.17~ | 5.17~ |
ubuntu/linux-riscv-5.8 | <5.17~ | 5.17~ |
ubuntu/linux-snapdragon | <4.15.0-1132.142 | 4.15.0-1132.142 |
ubuntu/linux-snapdragon | <5.17~ | 5.17~ |
debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.205-2 6.1.76-1 6.1.85-1 6.6.15-2 6.7.12-1 |

Disabling unprivileged eBPF effectively mitigates the known attack vectors for exploiting intra-mode branch injection attacks. The default Red Hat Enterprise Linux kernel prevents unprivileged users from using eBPF through the kernel.unprivileged_bpf_disabled sysctl. On Red Hat Enterprise Linux 7, eBPF for unprivileged users is always disabled. On Red Hat Enterprise Linux 8, confirm the current state by inspecting the sysctl with the command:

    # cat /proc/sys/kernel/unprivileged_bpf_disabled

A setting of 1 means that unprivileged users cannot use eBPF, mitigating the flaw.

To mitigate the primary known attack vector, disable unprivileged eBPF:

    $ sudo sysctl kernel.unprivileged_bpf_disabled=1

or

    $ sudo sysctl kernel.unprivileged_bpf_disabled=2
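
The check described above can be scripted for fleet audits. The following is an added example, not code from the advisory or from Red Hat: it reads the sysctl, reports whether the setting is also written to a sysctl configuration file so it survives a reboot, and echoes the kernel's own Spectre v2 status line. The function names and the `root` argument are hypothetical; `root` exists only so the audit can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example: audit the unprivileged-eBPF mitigation state on a Linux host.
# Function names and the root argument are hypothetical, not from the advisory.

# Map the sysctl value to a verdict. 1 and 2 both block unprivileged bpf();
# 1 cannot be changed again until reboot, 2 can be changed by an administrator.
bpf_state() {
    case "$1" in
        0) echo "exposed" ;;
        1) echo "mitigated-locked" ;;
        2) echo "mitigated-admin-changeable" ;;
        *) echo "unknown" ;;
    esac
}

# Succeed if a sysctl config file under root sets the value to 1 or 2.
# "sysctl key=value" alone changes only the running kernel.
# Simplification: only /etc/sysctl.conf and /etc/sysctl.d are searched.
bpf_persisted() {
    root="${1:-/}"
    grep -Eqs '^[[:space:]]*kernel\.unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*[12][[:space:]]*$' \
        "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf
}

# Print "<state> <persistence> | <kernel status>"; exit 0 only when
# unprivileged eBPF is disabled in the running kernel.
audit_bpf() {
    root="${1:-/}"
    f="$root/proc/sys/kernel/unprivileged_bpf_disabled"
    if [ -r "$f" ]; then val=$(cat "$f"); else val="absent"; fi
    state=$(bpf_state "$val")
    if bpf_persisted "$root"; then persist="persisted"; else persist="runtime-only"; fi
    # The kernel's own Spectre v2 summary, when the file exists.
    v="$root/sys/devices/system/cpu/vulnerabilities/spectre_v2"
    if [ -r "$v" ]; then kern=$(cat "$v"); else kern="not reported"; fi
    echo "$state $persist | $kern"
    [ "$state" != "exposed" ] && [ "$state" != "unknown" ]
}

# Live host: audit_bpf /
```

A result of `runtime-only` with a mitigated state can still be correct when the distribution kernel disables unprivileged eBPF by default, as the text says the Red Hat Enterprise Linux kernel does.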