CVE-2022-0001 Branch predictors can be shared between contexts in some Intel processors, which may allow for information disclosure if a user has access to local memory.

In some configurations, non-transparent sharing of branch predictors between user contexts may allow an authorized user to potentially enable information disclosure via local access. This issue may be mitigated by disabling branch prediction in the affected processor(s), or by placing a limit on the number of predictors that may be enabled per user. It is recommended to monitor activity on the local network, and in accessible file systems, for unauthorized usage of branch predictors.

Intel® Xeon® CPU with Intel® HT Technology

An Intel® Xeon® CPU with Intel® HT Technology containing a vulnerable microcode may allow unauthorized disclosure of data via local network access.

Hardware-Based Workaround

Intel has provided the following Workaround for this issue: Disabling branch prediction or placing a limit on the number of branch predictors an individual user may enable per session per processor will reduce the risk of unauthorized disclosure via local network access.

Intel Microcode Updates

Intel has provided microcode updates that may reduce the risk of unauthorized disclosure via local network access.
If your system is affected by this issue, contact an Intel representative to obtain the latest version of the microcode update. The following table provides links to download the microcode updates:

Intel Processor Microcode Update Disabling Branch Prediction Protection

The microcode update disables branch prediction protections. This update can be applied to a system running the currently supported versions of Windows, Linux, and macOS operating systems.
Intel has released microcode updates that address CVE-2022-0001. If you are using an Intel processor, you must install one of the following updates:
1) KB 4074587 - Microcode Update for Intel Processors with Branch Prediction Protection Disabled
2) KB 4074588 - Microcode Update for Intel Processors with Branch Prediction Protection Enabled
