What is CVE-2022-25368?

CVE-2022-25368 is a variant of Spectre-v2 called Spectre BHB, which allows malicious code to use shared branch history to influence mispredicted branches in the victim's hardware context.

How does CVE-2022-25368 work?

CVE-2022-25368 utilizes the shared branch history (stored in the CPU BHB) to cause cache allocation and potentially exploit speculation in the victim's hardware.

Which software is affected by CVE-2022-25368?

The Ampere Altra Max Firmware and Google Android (Neoverse-e1, Cortex-a65, Cortex-a65ae, Cortex-a72, Cortex-a73, Cortex-a75, Cortex-a76, Cortex-a76ae, Cortex-a77, Cortex-a78, Cortex-a78ae, Cortex-a78c, Cortex-x1) are affected by CVE-2022-25368.

What is the severity of CVE-2022-25368?

CVE-2022-25368 has a severity score of 4.7, which is considered medium.

Are Ampere Altra Max and Arm Neoverse-e1 vulnerable to CVE-2022-25368?

No, Ampere Altra Max and Arm Neoverse-e1 are not vulnerable to CVE-2022-25368.

Vulnerability/
CVE-2022-25368

medium

4.7

10/3/2022

16/3/2022

CVE-2022-25368

First published: Thu Mar 10 2022(Updated: )

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Amperecomputing Ampere Altra Max Firmware
Amperecomputing Ampere Altra Max
Amperecomputing Ampere Altra Firmware
Amperecomputing Ampere Altra
Google Android
Arm Neoverse-e1
Google Android
Google Android
Arm Cortex-a57 Firmware
Arm Cortex-a57
Google Android
Arm Cortex-a65
Arm Cortex-a65ae Firmware
Google Android
Arm Cortex-a72 Firmware
Arm Cortex-a72
Arm Cortex-a73 Firmware
Arm Cortex-a73
Arm Cortex-a75 Firmware
Arm Cortex-a75
Arm Cortex-a76 Firmware
Arm Cortex-a76
Google Android
Google Android
Arm Cortex-a77 Firmware
Arm Cortex-a77
Arm Cortex-a78 Firmware
Arm Cortex-a78
Arm Cortex-a78ae Firmware
Arm Cortex-a78ae
Arm Cortex-a78c Firmware
Arm Cortex-a78c
Arm Cortex-x1 Firmware
Arm Cortex-x1
Google Android
Google Android
Arm Cortex-a710 Firmware
Google Android
Arm Cortex-a15 Firmware
Arm Cortex-a15
Arm Neoverse N1 Firmware
Arm Neoverse N1
Arm Neoverse N2 Firmware
Arm Neoverse N2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-25368?
CVE-2022-25368 is a variant of Spectre-v2 called Spectre BHB, which allows malicious code to use shared branch history to influence mispredicted branches in the victim's hardware context.
How does CVE-2022-25368 work?
CVE-2022-25368 utilizes the shared branch history (stored in the CPU BHB) to cause cache allocation and potentially exploit speculation in the victim's hardware.
Which software is affected by CVE-2022-25368?
The Ampere Altra Max Firmware and Google Android (Neoverse-e1, Cortex-a65, Cortex-a65ae, Cortex-a72, Cortex-a73, Cortex-a75, Cortex-a76, Cortex-a76ae, Cortex-a77, Cortex-a78, Cortex-a78ae, Cortex-a78c, Cortex-x1) are affected by CVE-2022-25368.
What is the severity of CVE-2022-25368?
CVE-2022-25368 has a severity score of 4.7, which is considered medium.
Are Ampere Altra Max and Arm Neoverse-e1 vulnerable to CVE-2022-25368?
No, Ampere Altra Max and Arm Neoverse-e1 are not vulnerable to CVE-2022-25368.