AVG-2681 log

Package	linux-zen
Status	Fixed
Severity	Medium
Type	information disclosure
Affected	5.16.13.zen1-1
Fixed	5.16.14.zen1-1
Current	6.8.7.zen1-1 [extra]
Ticket	None
Created	Fri Apr 15 15:22:14 2022

Issue	Severity	Remote	Type	Description
CVE-2022-0002	Medium	No	Information disclosure	Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information...
CVE-2022-0001	Medium	No	Information disclosure	Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...

Issue

Severity

Remote

Type

Description

CVE-2022-0002

Medium

Information disclosure

Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information...

CVE-2022-0001

Medium

Information disclosure

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...

References
https://github.com/archlinux/svntogit-packages/commit/4cf329bb800a68f2bc8f1b0920c65258c2392dc8 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html https://www.openwall.com/lists/oss-security/2022/03/18/2

References

https://github.com/archlinux/svntogit-packages/commit/4cf329bb800a68f2bc8f1b0920c65258c2392dc8
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html
https://www.openwall.com/lists/oss-security/2022/03/18/2

Notes
haven't yet checked what other "managed runtimes in privileged modes" the SA might be refering to