CVE-2022-0001
Branch predictors can be shared between contexts in some Intel processors, which may allow for information disclosure if a user has access to local memory.
In some configurations, non-transparent sharing of branch predictors between user contexts may allow an authorized user to potentially enable information disclosure via local access. This issue may be mitigated by disabling branch prediction in the affected processor(s), or by placing a limit on the number of predictors that may be enabled per user. It is recommended to monitor activity on the local network, and in accessible file systems, for unauthorized usage of branch predictors.
Intel® Xeon® CPU with Intel® HT Technology
An Intel® Xeon® CPU with Intel® HT Technology containing a vulnerable microcode may allow unauthorized disclosure of data via local network access.
Hardware-Based Workaround
Intel has provided the following Workaround for this issue: Disabling branch prediction or placing a limit on the number of branch predictors an individual user may enable per session per processor will reduce the risk of unauthorized disclosure via local network access.
Intel Microcode Updates
Intel has provided microcode updates that may reduce the risk of unauthorized disclosure via local network access.
If your system is affected by this issue, contact an Intel representative to obtain the latest version of the microcode update. The following table provides links to download the microcode updates:
Intel Processor Microcode Update Disabling Branch Prediction Protection
The microcode update disables branch prediction protections. This update can be applied to a system running the currently supported versions of Windows, Linux, and macOS operating systems.
Intel has released microcode updates that address CVE-2022-0001. If you are using an Intel processor, you must install one of the following updates:
1) KB 4074587 - Microcode Update for Intel Processors with Branch Prediction Protection Disabled
2) KB 4074588 - Microcode Update for Intel Processors with Branch Prediction Protection Enabled
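After installing a microcode update, it helps to confirm which revision each logical CPU has loaded and what the operating system reports for this issue. The following is an added example, not code from Intel or from this page; it assumes a Linux host that exposes /proc/cpuinfo and the sysfs spectre_v2 status file, and the sample text in it is constructed.

```python
"""Added example: report loaded microcode revisions and the kernel's BHI status on Linux."""
import re
from pathlib import Path

CPUINFO = Path("/proc/cpuinfo")
# Assumption: the running kernel reports this issue in the spectre_v2 status line.
SPECTRE_V2 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")


def microcode_revisions(cpuinfo_text):
    """Map each logical CPU number to its loaded microcode revision (int)."""
    revisions, cpu = {}, None
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "processor":
            cpu = int(value)
        elif key == "microcode" and cpu is not None:
            revisions[cpu] = int(value, 16)
    return revisions


def bhi_status(spectre_v2_text):
    """Return the 'BHI:' field, 'Not affected', or None if the kernel omits it."""
    if spectre_v2_text.strip() == "Not affected":
        return "Not affected"
    match = re.search(r"BHI:\s*([^;]+)", spectre_v2_text)
    return match.group(1).strip() if match else None


def assess(cpuinfo_text, spectre_v2_text):
    """Summarise microcode consistency and whether the reported status needs review."""
    revs = microcode_revisions(cpuinfo_text)
    status = bhi_status(spectre_v2_text)
    return {
        "revisions": sorted({hex(r) for r in revs.values()}),
        # Mixed revisions mean the update did not load on every logical CPU.
        "consistent": len(set(revs.values())) == 1,
        "bhi": status,
        # None: the kernel does not report a BHI field, so check by hand.
        "needs_attention": status is None or status.startswith("Vulnerable"),
    }


# Constructed sample input (not captured from a real machine).
SAMPLE_CPUINFO = "processor\t: 0\nmicrocode\t: 0x2b\n\nprocessor\t: 1\nmicrocode\t: 0x2a\n"
SAMPLE_STATUS = "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; BHI: BHI_DIS_S\n"

if __name__ == "__main__":
    live = CPUINFO.exists() and SPECTRE_V2.exists()
    print(assess(CPUINFO.read_text() if live else SAMPLE_CPUINFO,
                 SPECTRE_V2.read_text() if live else SAMPLE_STATUS))
```

Run it on each host after the update and a reboot; a result with `consistent` false or `needs_attention` true is the one to follow up on.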
Timeline
Published on: 03/11/2022 18:15:00 UTC
Last modified on: 08/19/2022 12:28:00 UTC
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
- http://www.openwall.com/lists/oss-security/2022/03/18/2
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://security.netapp.com/advisory/ntap-20220818-0004/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0001