Researchers disclosed a new cache speculation vulnerability known as Spectre-BHB. A serials of ARM cpus are affected on it.
CVE-2022-23960(Medium): Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's own hardware context. Once that occurs, speculation caused by mispredicted branches can be used to cause cache allocation, which can then be used to infer information that should not be accessible.
What software is known to be affected by these CVEs?
This is a security issue in CPU, mitigated by linux kernel update.
YES. This is a issue of CPU, so, if your CPU is affected, yes, the Windriver Linux system running on is affected.
A searials of source patch on linux kernel: https://git.kernel.org/pub/scm/linux/kernel/git/morse/linux.git/log/?h=spectre-bhb/v5.17
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
We will port all necessary patches on all our supporting releases. We will continue to update this web page and once we have any progress you can get it here.
For any questions or requirements, please contact your local WR support team, or mail to security-alert@windriver.com directly.
