AVG-2681 log

Package linux-zen
Status Fixed
Severity Medium
Type information disclosure
Affected 5.16.13.zen1-1
Fixed 5.16.14.zen1-1
Current 6.12.zen1-1 [extra-testing]
6.11.9.zen1-1 [extra]
Ticket None
Created Fri Apr 15 15:22:14 2022
Issue Severity Remote Type Description
CVE-2022-0002 Medium No Information disclosure
Non-transparent sharing of branch predictor within a context in some IntelĀ® Processors may allow an authorized user to potentially enable information...
CVE-2022-0001 Medium No Information disclosure
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...
References
https://github.com/archlinux/svntogit-packages/commit/4cf329bb800a68f2bc8f1b0920c65258c2392dc8
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html
https://www.openwall.com/lists/oss-security/2022/03/18/2
Notes
haven't yet checked what other "managed runtimes in privileged modes" the SA might be refering to