CVE-2022-2196

Source
https://cve.org/CVERecord?id=CVE-2022-2196
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2196.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-2196
Downstream
Related
Published
2023-01-09T10:59:53.099Z
Modified
2026-05-01T04:08:04.247011Z
Severity
  • 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Summary
Speculative execution attacks in KVM VMX
Details

A regression exists in the Linux kernel within KVM: nVMX that allows speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 because L1 believes it does not need retpolines or IBPB after running L2, since KVM (L0) advertises eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a.

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "2e7eab81425a"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cwe_ids": [
        "CWE-1188"
    ],
    "cna_assigner": "Google",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2196.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.2"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2196.json"