Vulnerability-Lookup

WID-SEC-W-2022-0237

Vulnerability from csaf_certbund - Published: 2022-03-08 23:00 - Updated: 2024-02-20 23:00

Summary

Xen: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) für die darauf laufenden Systeme (Domains) paravirtualisiert.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Xen ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows - Sonstiges

CVE-2021-26341

In Xen existieren mehrere Schwachstellen. Die Schwachstellen sind auf spekulative Ausführung zurückzuführen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Red Hat	`cpe:/a:redhat:openshift:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2021-26401

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Red Hat	`cpe:/a:redhat:openshift:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-0001

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Red Hat	`cpe:/a:redhat:openshift:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-0002

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Red Hat	`cpe:/a:redhat:openshift:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2022-23960

Affected products

Known affected 7 products

Product	Identifier	Version
Red Hat OpenShift Red Hat	`cpe:/a:redhat:openshift:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

References

43 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://xenbits.xen.org/xsa/advisory-398.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
http://linux.oracle.com/errata/ELSA-2022-9244.html	external
http://linux.oracle.com/errata/ELSA-2022-9245.html	external
https://linux.oracle.com/errata/ELSA-2022-9273.html	external
https://linux.oracle.com/errata/ELSA-2022-9274.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
http://linux.oracle.com/errata/ELSA-2022-9314.html	external
http://linux.oracle.com/errata/ELSA-2022-9313.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2022:1975	external
http://linux.oracle.com/errata/ELSA-2022-9367.html	external
https://access.redhat.com/errata/RHSA-2022:1988	external
http://linux.oracle.com/errata/ELSA-2022-9366.html	external
https://ubuntu.com/security/notices/USN-5415-1	external
https://ubuntu.com/security/notices/USN-5418-1	external
https://ubuntu.com/security/notices/USN-5417-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://linux.oracle.com/errata/ELSA-2022-1988.html	external
https://access.redhat.com/errata/RHSA-2022:4956	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-lts-announce/2022…	external
https://access.redhat.com/errata/RHSA-2022:5483	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2022:7683	external
http://linux.oracle.com/errata/ELSA-2022-9999.html	external
https://access.redhat.com/errata/RHSA-2022:8781	external
https://access.redhat.com/errata/RHSA-2023:0187	external
https://linux.oracle.com/errata/ELSA-2023-0399.html	external
https://access.redhat.com/errata/RHSA-2023:0400	external
https://access.redhat.com/errata/RHSA-2023:0399	external
https://lists.centos.org/pipermail/centos-announc…	external
https://ubuntu.com/security/notices/USN-6001-1	external
http://linux.oracle.com/errata/ELSA-2023-0187.html	external
https://access.redhat.com/errata/RHSA-2024:0930	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) f\u00fcr die darauf laufenden Systeme (Domains) paravirtualisiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Xen ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0237 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0237.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0237 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0237"
      },
      {
        "category": "external",
        "summary": "Xen Security Advisory: XSA-398 vom 2022-03-08",
        "url": "https://xenbits.xen.org/xsa/advisory-398.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0931-1 vom 2022-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010501.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0939-1 vom 2022-03-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010506.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0940-1 vom 2022-03-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010504.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9244 vom 2022-03-24",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9244.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9245 vom 2022-03-24",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9245.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9273 vom 2022-04-12",
        "url": "https://linux.oracle.com/errata/ELSA-2022-9273.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9274 vom 2022-04-12",
        "url": "https://linux.oracle.com/errata/ELSA-2022-9274.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1196-1 vom 2022-04-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010723.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1285-1 vom 2022-04-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010779.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1300-1 vom 2022-04-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010792.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1375-1 vom 2022-04-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010821.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9314 vom 2022-04-26",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9314.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9313 vom 2022-04-26",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9313.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1359-1 vom 2022-04-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010818.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1408-1 vom 2022-04-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010836.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1975 vom 2022-05-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:1975"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9367 vom 2022-05-10",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9367.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1988 vom 2022-05-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:1988"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9366 vom 2022-05-10",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9366.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5415-1 vom 2022-05-12",
        "url": "https://ubuntu.com/security/notices/USN-5415-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5418-1 vom 2022-05-12",
        "url": "https://ubuntu.com/security/notices/USN-5418-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5417-1 vom 2022-05-12",
        "url": "https://ubuntu.com/security/notices/USN-5417-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1651-1 vom 2022-05-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/010994.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-1988 vom 2022-05-17",
        "url": "https://linux.oracle.com/errata/ELSA-2022-1988.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:4956 vom 2022-06-09",
        "url": "https://access.redhat.com/errata/RHSA-2022:4956"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5173 vom 2022-07-03",
        "url": "https://lists.debian.org/debian-security-announce/2022/msg00141.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3065 vom 2022-07-01",
        "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5483 vom 2022-07-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:5483"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2723-1 vom 2022-08-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011830.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7683 vom 2022-11-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:7683"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9999 vom 2022-11-16",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9999.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8781 vom 2022-12-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:8781"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0187 vom 2023-01-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:0187"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-0399 vom 2023-01-25",
        "url": "https://linux.oracle.com/errata/ELSA-2023-0399.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0400 vom 2023-01-24",
        "url": "https://access.redhat.com/errata/RHSA-2023:0400"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:0399 vom 2023-01-24",
        "url": "https://access.redhat.com/errata/RHSA-2023:0399"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2023:0399 vom 2023-01-30",
        "url": "https://lists.centos.org/pipermail/centos-announce/2023-January/086370.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6001-1 vom 2023-04-06",
        "url": "https://ubuntu.com/security/notices/USN-6001-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-0187 vom 2023-10-24",
        "url": "http://linux.oracle.com/errata/ELSA-2023-0187.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0930 vom 2024-02-21",
        "url": "https://access.redhat.com/errata/RHSA-2024:0930"
      }
    ],
    "source_lang": "en-US",
    "title": "Xen: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2024-02-20T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:27:31.690+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0237",
      "initial_release_date": "2022-03-08T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-03-08T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-03-13T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-96B6341E4F"
        },
        {
          "date": "2022-03-15T23:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-011C2A9BA8"
        },
        {
          "date": "2022-03-17T23:00:00.000+00:00",
          "number": "4",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-531E531922"
        },
        {
          "date": "2022-03-21T23:00:00.000+00:00",
          "number": "5",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-CF87A9B146"
        },
        {
          "date": "2022-03-22T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-03-23T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-04-11T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-04-13T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-04-20T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-04-24T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-04-25T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE und Oracle Linux aufgenommen"
        },
        {
          "date": "2022-04-26T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-05-10T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2022-05-11T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-05-12T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-05-17T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-06-08T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-07-03T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Debian und Red Hat aufgenommen"
        },
        {
          "date": "2022-08-09T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-11-08T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-16T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-12-07T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-17T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-24T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2023-01-30T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2023-04-05T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-10-24T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-02-20T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "29"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.13.x",
                "product": {
                  "name": "Open Source Xen \u003c 4.13.x",
                  "product_id": "T016868"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 4.14.x",
                "product": {
                  "name": "Open Source Xen \u003c 4.14.x",
                  "product_id": "T017527"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 4.12.x",
                "product": {
                  "name": "Open Source Xen \u003c 4.12.x",
                  "product_id": "T018646"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 4.15.x",
                "product": {
                  "name": "Open Source Xen \u003c 4.15.x",
                  "product_id": "T020268"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 4.16.x",
                "product": {
                  "name": "Open Source Xen \u003c 4.16.x",
                  "product_id": "T022294"
                }
              }
            ],
            "category": "product_name",
            "name": "Xen"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Red Hat OpenShift",
            "product": {
              "name": "Red Hat OpenShift",
              "product_id": "T008027",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:openshift:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-26341",
      "notes": [
        {
          "category": "description",
          "text": "In Xen existieren mehrere Schwachstellen. Die Schwachstellen sind auf spekulative Ausf\u00fchrung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "1727",
          "T004914"
        ]
      },
      "release_date": "2022-03-08T23:00:00.000+00:00",
      "title": "CVE-2021-26341"
    },
    {
      "cve": "CVE-2021-26401",
      "notes": [
        {
          "category": "description",
          "text": "In Xen existieren mehrere Schwachstellen. Die Schwachstellen sind auf spekulative Ausf\u00fchrung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "1727",
          "T004914"
        ]
      },
      "release_date": "2022-03-08T23:00:00.000+00:00",
      "title": "CVE-2021-26401"
    },
    {
      "cve": "CVE-2022-0001",
      "notes": [
        {
          "category": "description",
          "text": "In Xen existieren mehrere Schwachstellen. Die Schwachstellen sind auf spekulative Ausf\u00fchrung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "1727",
          "T004914"
        ]
      },
      "release_date": "2022-03-08T23:00:00.000+00:00",
      "title": "CVE-2022-0001"
    },
    {
      "cve": "CVE-2022-0002",
      "notes": [
        {
          "category": "description",
          "text": "In Xen existieren mehrere Schwachstellen. Die Schwachstellen sind auf spekulative Ausf\u00fchrung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "1727",
          "T004914"
        ]
      },
      "release_date": "2022-03-08T23:00:00.000+00:00",
      "title": "CVE-2022-0002"
    },
    {
      "cve": "CVE-2022-23960",
      "notes": [
        {
          "category": "description",
          "text": "In Xen existieren mehrere Schwachstellen. Die Schwachstellen sind auf spekulative Ausf\u00fchrung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008027",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "1727",
          "T004914"
        ]
      },
      "release_date": "2022-03-08T23:00:00.000+00:00",
      "title": "CVE-2022-23960"
    }
  ]
}

CVE-2021-26401 (GCVE-0-2021-26401)

Vulnerability from cvelistv5 – Published: 2022-03-11 17:54 – Updated: 2024-09-17 03:08

Summary

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.

Severity ?

No CVSS data available.

CWE

Assigner

AMD

References

2 references

URL	Tags
https://www.amd.com/en/corporate/product-security…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/03/18/2	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
AMD	AMD Processors	Unaffected: Processor Zen 3

Date Public ?

2022-03-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036"
          },
          {
            "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AMD Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Processor  Zen 3"
            }
          ]
        }
      ],
      "datePublic": "2022-03-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NA",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-18T17:06:11.000Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036"
        },
        {
          "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "DATE_PUBLIC": "2022-03-08T20:00:00.000Z",
          "ID": "CVE-2021-26401",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AMD Processors",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!",
                            "version_name": "Processor",
                            "version_value": "Zen 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AMD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "NA"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036"
            },
            {
              "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26401",
    "datePublished": "2022-03-11T17:54:34.241Z",
    "dateReserved": "2021-01-29T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:08:13.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26341 (GCVE-0-2021-26341)

Vulnerability from cvelistv5 – Published: 2022-03-11 17:54 – Updated: 2024-09-16 20:16

Summary

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

Severity ?

No CVSS data available.

CWE

Assigner

AMD

References

2 references

URL	Tags
https://www.amd.com/en/corporate/product-security…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/03/18/2	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
AMD	AMD Processors	Unaffected: Processor Zen 3

Date Public ?

2022-03-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:24.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026"
          },
          {
            "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AMD Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Processor  Zen 3"
            }
          ]
        }
      ],
      "datePublic": "2022-03-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NA",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-18T17:06:13.000Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026"
        },
        {
          "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "DATE_PUBLIC": "2022-03-08T20:00:00.000Z",
          "ID": "CVE-2021-26341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AMD Processors",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!",
                            "version_name": "Processor",
                            "version_value": "Zen 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AMD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "NA"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026"
            },
            {
              "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26341",
    "datePublished": "2022-03-11T17:54:35.055Z",
    "dateReserved": "2021-01-29T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:16:42.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23960 (GCVE-0-2022-23960)

Vulnerability from cvelistv5 – Published: 2022-03-12 23:57 – Updated: 2024-08-03 03:59

Summary

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

5 references

URL	Tags
https://developer.arm.com/support/arm-security-up…	x_refsource_CONFIRM
https://developer.arm.com/support/arm-security-updates	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/03/18/2	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5173	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:59:23.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates"
          },
          {
            "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:10:34.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates"
        },
        {
          "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-23960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "name": "https://developer.arm.com/support/arm-security-updates",
              "refsource": "MISC",
              "url": "https://developer.arm.com/support/arm-security-updates"
            },
            {
              "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-23960",
    "datePublished": "2022-03-12T23:57:21.000Z",
    "dateReserved": "2022-01-26T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:59:23.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0001 (GCVE-0-2022-0001)

Vulnerability from cvelistv5 – Published: 2022-03-11 00:00 – Updated: 2025-05-05 16:44

Summary

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

information disclosure

Assigner

intel

References

5 references

URL	Tags
https://www.intel.com/content/www/us/en/security-…
http://www.openwall.com/lists/oss-security/2022/03/18/2	mailing-list
https://www.oracle.com/security-alerts/cpujul2022.html
https://security.netapp.com/advisory/ntap-2022081…
https://www.kb.cert.org/vuls/id/155143	third-party-advisory

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-01T16:11:32.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2022-0001-detect-specter-vulnerability?prevUrl=wizard"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2022-0001-mitigate-specter-vulnerability?prevUrl=wizard"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html"
          },
          {
            "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220818-0004/"
          },
          {
            "name": "VU#155143",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/155143"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-0001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:21:07.709784Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:44:34.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": " information disclosure ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-09T15:05:59.454Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html"
        },
        {
          "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220818-0004/"
        },
        {
          "name": "VU#155143",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/155143"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2022-0001",
    "datePublished": "2022-03-11T00:00:00.000Z",
    "dateReserved": "2021-10-15T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:44:34.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0002 (GCVE-0-2022-0002)

Vulnerability from cvelistv5 – Published: 2022-03-11 17:54 – Updated: 2025-05-05 16:44

Summary

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

information disclosure

Assigner

intel

References

4 references

URL	Tags
https://www.intel.com/content/www/us/en/security-…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/03/18/2	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2022081…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html"
          },
          {
            "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220818-0004/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-0002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:21:05.799722Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:44:17.326Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": " information disclosure ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T14:09:32.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html"
        },
        {
          "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220818-0004/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2022-0002",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Processors",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See references"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": " information disclosure "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html"
            },
            {
              "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220818-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220818-0004/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2022-0002",
    "datePublished": "2022-03-11T17:54:36.000Z",
    "dateReserved": "2021-10-15T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:44:17.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2022-0237

CVE-2021-26401 (GCVE-0-2021-26401)

CVE-2021-26341 (GCVE-0-2021-26341)

CVE-2022-23960 (GCVE-0-2022-23960)

CVE-2022-0001 (GCVE-0-2022-0001)

CVE-2022-0002 (GCVE-0-2022-0002)

Tags

Sightings

Nomenclature