Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the malicious user to obtain sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen - |
||
arm cortex-r7_firmware - |
||
arm cortex-r8_firmware - |
||
arm cortex-a57_firmware - |
||
arm cortex-a65_firmware - |
||
arm cortex-a65ae_firmware - |
||
arm cortex-a710_firmware - |
||
arm cortex-a72_firmware - |
||
arm cortex-a73_firmware - |
||
arm cortex-a75_firmware - |
||
arm cortex-a76_firmware - |
||
arm cortex-a76ae_firmware - |
||
arm cortex-a77_firmware - |
||
arm cortex-a78_firmware - |
||
arm cortex-a78ae_firmware - |
||
arm cortex-x1_firmware - |
||
arm cortex-x2_firmware - |
||
arm neoverse-e1_firmware - |
||
arm neoverse-v1_firmware - |
||
arm neoverse_n1_firmware - |
||
arm neoverse_n2_firmware - |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus: Nasty no-auth RCE in TCP/IP stack, and many more updates
Patch Tuesday September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed. In total, Redmond patched or addressed 62 security flaws today. This batch includes five "critical" remote code execution (RCE) vulnerabilities, and Microsoft ranked the rest as "important." The bug...
Get our weekly newsletter Your processor design fell off the vulnerability tree and hit every branch on the way down
Analysis Intel this month published an advisory to address a novel Spectre v2 vulnerability in its processors that can be exploited by malware to steal data from memory that should otherwise be off limits. Arm said a number of its processor cores are also affected by this security flaw, and like Intel, its hardware defenses can't block it outright, leaving developers to implement software-level mitigations. The latest Spectre revival, identified by academics at VU Amsterdam, is known as Branch H...