Impact of Spectre BHB

Bulletin ID: AMP-SB-0001

Potential Impact: Partial loss of protected data

Severity: Medium: CVSS score is 4.7

Summary

[CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N]

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.

Affected Product(s):

Ampere^® Altra^®, Ampere^® Altra^® Max and AmpereOne^®

Recommendations

For Ampere^® Altra^® and Ampere^® Altra^® Max: Ampere recommends that users of affected products update to the latest firmware version provided by the system manufacturer that addresses these issues. Ampere also recommends updating to the latest OS updates that that addresses these issues.

For AmpereOne^®: Ampere also recommends updating to the latest OS updates that that addresses these issues. No Firmware updates are required.

References:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25368

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960

• https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3006