CVE-2022-2196

CVSS v3.1 8.8 (High)

EPSS 0.04 % (17^th)

Affected Products 2

Advisories 34

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a

Weaknesses

CWE-1188: Initialization of a Resource with an Insecure Default

CVE Status: PUBLISHED
CNA: Google Inc.
Published Date: 2023-01-09 11:15:10
(20 months ago)
Updated Date: 2023-08-18 18:56:16
(13 months ago)

Affected Products

Debian

Debian Linux

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.4.47 version and prior 5.4.233 version	cpe:2.3:o:linux:linux_kernel	>= 5.4.47	< 5.4.233
Linux Kernel from 5.6.19 version and prior 5.7 version	cpe:2.3:o:linux:linux_kernel	>= 5.6.19	< 5.7
Linux Kernel from 5.7.3 version and prior 5.10.170 version	cpe:2.3:o:linux:linux_kernel	>= 5.7.3	< 5.10.170
Linux Kernel from 5.11 version and prior 5.15.96 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.96
Linux Kernel from 5.16 version and prior 6.1.14 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.14

Configuration #2

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0