A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
History

Thu, 19 Dec 2024 20:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in some Intel CPUs where mitigations for the Spectre V2/BHI vulnerability were incomplete. This issue may allow an attacker to read arbitrary memory, compromising system integrity and exposing sensitive information. A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
Title hw: cpu: intel: Native Branch History Injection (BHI) CVE-2024-2201
References

Wed, 30 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.2::nfv
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat rhel Eus

Thu, 10 Oct 2024 02:45:00 +0000


Tue, 24 Sep 2024 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els

Tue, 24 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Extras Rt Els
CPEs cpe:/a:redhat:rhel_extras_rt_els:7
Vendors & Products Redhat rhel Extras Rt Els

Thu, 08 Aug 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2024-12-19T20:28:31.596Z

Updated: 2024-12-19T20:29:32.134Z

Reserved: 2024-03-05T19:12:39.649Z

Link: CVE-2024-2201

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2024-12-19T21:15:08.103

Modified: 2024-12-19T21:15:08.103

Link: CVE-2024-2201

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-04-09T04:30:00Z

Links: CVE-2024-2201 - Bugzilla