CVE-2022-2196 Vulnerability Details

  /     /     /  

CVE-2022-2196 Metadata Quick Info

CVE Published: 09/01/2023 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: Google | Vendor: Linux | Product: Linux Kernel
Status : PUBLISHED

CVE-2022-2196 Description

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn\'t need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a

Metrics

CVSS Version: 3.1 | Base Score: 5.8 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-1188
CWE Name: CWE-1188 Insecure Default Initialization of Resource
Source: Linux

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-30
CAPEC Description: CAPEC-30 Hijacking a Privileged Thread of Execution


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2022-2196 Vulnerability Details