AVG-2680 log

Package	linux
Status	Fixed
Severity	Medium
Type	information disclosure
Affected	5.16.13.arch1-1
Fixed	5.16.14.arch1-1
Current	6.17.8.arch1-1 [core]
Ticket	None
Created	Fri Apr 15 15:12:36 2022

Issue	Severity	Remote	Type	Description
CVE-2022-0002	Medium	No	Information disclosure	Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information...
CVE-2022-0001	Medium	No	Information disclosure	Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...

Issue

Severity

Remote

Type

Description

CVE-2022-0002

Medium

Information disclosure

Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information...

CVE-2022-0001

Medium

Information disclosure

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...

References
https://github.com/archlinux/svntogit-packages/commit/161a75ed5bf2639b85cf6bba2acad6ac8e9b2cb5 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html https://www.openwall.com/lists/oss-security/2022/03/18/2

References

https://github.com/archlinux/svntogit-packages/commit/161a75ed5bf2639b85cf6bba2acad6ac8e9b2cb5
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html
https://www.openwall.com/lists/oss-security/2022/03/18/2

Notes
haven't yet checked what other "managed runtimes in privileged modes" the SA might be refering to