Wind River Support Network

HomeSafety and Security NoticesWind River Security Vulnerability Notice: CVE-2022-23960 Spectre-BHB vulnerability on ARM CPU

Wind River Security Vulnerability Notice: CVE-2022-23960 Spectre-BHB vulnerability on ARM CPU

Released: Mar 9, 2022     Updated: Mar 8, 2022


Researchers disclosed a new cache speculation vulnerability known as Spectre-BHB. A serials of ARM cpus are affected on it.

Affected Product Versions

Wind River Linux 7, Wind River Linux 8, Wind River Linux LTS 21, Wind River Linux CD, Wind River Linux LTS 19, Wind River Linux LTS 18, Wind River Linux LTS 17, Wind River Linux 9, Wind River Linux 5, Wind River Linux 6


CVE-2022-23960(Medium): Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's own hardware context. Once that occurs, speculation caused by mispredicted branches can be used to cause cache allocation, which can then be used to infer information that should not be accessible.

What software is known to be affected by these CVEs?

This is a security issue in CPU, mitigated by linux kernel update.

Is Wind River Linux affected by these CVE issues?

YES. This is a issue of CPU, so, if your CPU is affected, yes, the Windriver Linux system running on is affected.

Affected software components:

This is a hardware(CPU) issue.

Affected hardware:

A searials of ARM cpus, Details in:


A searials of source patch on linux kernel:

Additional References

We will port all necessary patches on all our supporting releases. We will continue to update this web page and once we have any progress you can get it here.

For any questions or requirements, please contact your local WR support team, or mail to directly.


  • 02/09/2022: Initial

Live chat