AVG-2682 log

Package linux-hardened
Status Fixed
Severity Medium
Type information disclosure
Affected 5.12.19.hardened1-1
Fixed 5.13.13.hardened1-1
Current 6.12.6.hardened1-2 [extra-testing]
6.12.6.hardened1-1 [extra]
Ticket None
Created Fri Apr 15 15:30:07 2022
Issue Severity Remote Type Description
CVE-2022-0002 Medium No Information disclosure
Non-transparent sharing of branch predictor within a context in some IntelĀ® Processors may allow an authorized user to potentially enable information...
CVE-2022-0001 Medium No Information disclosure
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...
References
https://github.com/archlinux/svntogit-packages/commit/88822ee46e0b1bdfadd8977341505c9f6541b006
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html
https://www.openwall.com/lists/oss-security/2022/03/18/2
Notes
haven't yet checked what other "managed runtimes in privileged modes" the SA might be refering to

but unless there are any I think this is one of those cases where the fix was so long ago, nobody cares about the ASA anymore