CVE-2022-2196 : A regression exists in the Linux Kernel within KVM: nVMX that allowed for specul

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a

Published 2023-01-09 11:15:11

Updated 2025-02-13 17:15:40

Source Google Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2022-2196

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.96
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.6.19 and before (<) 5.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.7.3 and before (<) 5.10.170
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.4.47 and before (<) 5.4.233
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.14
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-2196

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-2196

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L	1.0	4.7	Google Inc.
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: High Availability: Low
8.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	2.0	6.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-2196

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Assigned by:
- cve-coordination@google.com (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2022-2196

https://kernel.dance/#2e7eab81425a

🐧🕺
Patch;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

[SECURITY] [DLA 3404-1] linux-5.10 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20230223-0002/

CVE-2022-2196 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5

kernel/git/torvalds/linux.git - Linux kernel source tree
Mailing List;Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-2196

Products affected by CVE-2022-2196

Exploit prediction scoring system (EPSS) score for CVE-2022-2196

CVSS scores for CVE-2022-2196

CWE ids for CVE-2022-2196

References for CVE-2022-2196