Fixed
Created: Mar 10, 2022
Updated: Jun 28, 2022
Resolved Date: Jun 24, 2022
Found In Version: 10.17.41.1
Fix Version: 10.17.41.27
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Kernel
Branch History Injection (BHI) describes a specific form of intra-mode BTI (bug CVE-2022-0001), where an unprivileged attacker may manipulate branch history before transitioning to supervisor or VMX root mode in an effort to cause an indirect branch predictor to select a specific predictor entry for an indirect branch, and a disclosure gadget at the predicted target will transiently execute. This may be possible since the relevant branch history may contain branches taken in previous security contexts, and in particular, in other predictor modes.
CREATE(Triage):(User=admin) CVE-2022-0001 (https://nvd.nist.gov/vuln/detail/CVE-2022-0001)