Cyber Resilience

CVE-2022-23960

Medium

Published: 13 March 2022

Modified: 21 November 2024
KEV Added: not listed
Patch: 18 March 2022
CVSS Score v3.1: 5.6 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0023 (45.8th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-23960 is a medium-severity vulnerability of unspecified weakness type in Arm Cortex-A57. Its CVSS base score is 5.6 (Medium).

Operationally, it ranks at the 45.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

| Vendor | Product | Versions |
|---|---|---|
| xen | xen | all versions |
| arm | cortex-r7 firmware | all versions |
| arm | cortex-r8 firmware | all versions |
| arm | cortex-a57 firmware | all versions |
| arm | cortex-a65 firmware | all versions |
| arm | cortex-a65ae firmware | all versions |
| arm | cortex-a710 firmware | all versions |
| arm | cortex-a72 firmware | all versions |
| arm | cortex-a73 firmware | all versions |
| arm | cortex-a75 firmware | all versions |
+12 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References