AVG-2680 log

Package linux
Status Fixed
Severity Medium
Type information disclosure
Affected 5.16.13.arch1-1
Fixed 5.16.14.arch1-1
Current 5.19.1.arch2-1 [testing]
5.18.16.arch1-1 [core]
Ticket None
Created Fri Apr 15 15:12:36 2022
Issue Severity Remote Type Description
CVE-2022-0002 Medium No Information disclosure
Non-transparent sharing of branch predictor within a context in some IntelĀ® Processors may allow an authorized user to potentially enable information...
CVE-2022-0001 Medium No Information disclosure
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...
References
https://github.com/archlinux/svntogit-packages/commit/161a75ed5bf2639b85cf6bba2acad6ac8e9b2cb5
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html
https://www.openwall.com/lists/oss-security/2022/03/18/2
Notes
haven't yet checked what other "managed runtimes in privileged modes" the SA might be refering to