Wind River Support Network

HomeDefectsLIN1021-3023
Fixed

LIN1021-3023 : Security Advisory - linux - CVE-2022-0001

Created: Mar 10, 2022    Updated: Nov 14, 2022
Resolved Date: Nov 14, 2022
Previous ID: LIN1019-7989
Found In Version: 10.21.20.9
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel

Description

Branch History Injection (BHI) describes a specific form of intra-mode BTI (bug CVE-2022-0001), where an unprivileged attacker may manipulate branch history before transitioning to supervisor or VMX root mode in an effort to cause an indirect branch predictor to select a specific predictor entry for an indirect branch, and a disclosure gadget at the predicted target will transiently execute. This may be possible since the relevant branch history may contain branches taken in previous security contexts, and in particular, in other predictor modes.


CREATE(Triage):(User=admin) CVE-2022-0001 (https://nvd.nist.gov/vuln/detail/CVE-2022-0001)

CVEs


Live chat
Online