CVE-2022-25368

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.

Published: 2022-03-10 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2022-25368 is rated Low Risk (36/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.29%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-25368

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 0.48% 0.29% -0.18%
2 2025-03-29 0.29% 0.48% +0.18%
3 2025-03-25 0.29%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-25368

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.7 3.1 MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 1.0 3.6 [email protected]
1.9 2.0 LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 3.4 2.9 [email protected]

Weakness enumeration for CVE-2022-25368

OS Trackers for CVE-2022-25368

vendor priority summary link
suse medium CVE-2022-25368 severity moderate: SUSE including 14 source package names (kernel-default, kernel-default-base, …), 242 product×package rows across 55 product lines (HPE Helion OpenStack 8, SUSE CaaS Platform 4.0, … (55 product lines)): Known Not Affected 242. https://www.suse.com/security/cve/CVE-2022-25368/

Affected software / configurations for CVE-2022-25368

Vendor Product Version Raw CPE
amperecomputing ampere_altra_max_firmware cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:-:*:*:*:*:*:*:*
amperecomputing ampere_altra_firmware cpe:2.3:o:amperecomputing:ampere_altra_firmware:-:*:*:*:*:*:*:*
arm neoverse-e1_firmware cpe:2.3:o:arm:neoverse-e1_firmware:-:*:*:*:*:*:*:*
arm neoverse-v1_firmware cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*
arm cortex-a57_firmware cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*
arm cortex-a65_firmware cpe:2.3:o:arm:cortex-a65_firmware:-:*:*:*:*:*:*:*
arm cortex-a65ae_firmware cpe:2.3:o:arm:cortex-a65ae_firmware:-:*:*:*:*:*:*:*
arm cortex-a72_firmware cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*
arm cortex-a73_firmware cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*
arm cortex-a75_firmware cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*
arm cortex-a76_firmware cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*
arm cortex-a76ae_firmware cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*
arm cortex-a77_firmware cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*
arm cortex-a78_firmware cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*
arm cortex-a78ae_firmware cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*
arm cortex-a78c_firmware cpe:2.3:o:arm:cortex-a78c_firmware:-:*:*:*:*:*:*:*
arm cortex-x1_firmware cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*
arm cortex-x2_firmware cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*
arm cortex-a710_firmware cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*
arm cortex-a15_firmware cpe:2.3:o:arm:cortex-a15_firmware:-:*:*:*:*:*:*:*
arm neoverse_n1_firmware cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*
arm neoverse_n2_firmware cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*

References for CVE-2022-25368

cvelogic Threat Intelligence