Researchers disclosed two new cache speculation vulnerability known as Branch History Injection (BHI) and Intra-mode BTI (IMBTI). A serials of Intel cpus are affected on it.
CVE-2022-0001(Medium): Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-0002(Medium): Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.
What software is known to be affected by these CVEs?
This is a security issue in CPU, mitigated by linux kernel(and microcode) update.
YES. This is a issue of CPU, if your CPU is affected, yes, the Windriver Linux system running on it is affected.
Different CPU need different mitigation method. All affected CPUs need kernel patch, seldom of them also need to upgrade microcode. For details please also see the affected processors table above.
With newest microcode and linux kernel, you need to disable unprivileged eBPF in runtime:
$ sudo sysctl kernel.unprivileged_bpf_disabled=1
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf
We will port all necessary patches on all our supporting releases. We will continue to update this web page and once we have any progress you can get it here.
For any questions or requirements, please contact your local WR support team, or mail to security-alert@windriver.com directly.