CVE-2022-2196

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2196

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2196.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-2196

Downstream

DEBIAN-CVE-2022-2196

DLA-3404-1

OESA-2023-1035

OESA-2023-1036

RHSA-2023:2148

RHSA-2023:2458

RHSA-2023:2736

RHSA-2023:2951

RHSA-2024:0930

SUSE-SU-2023:2140-1

SUSE-SU-2023:2141-1

SUSE-SU-2023:2146-1

SUSE-SU-2023:2147-1

SUSE-SU-2023:2148-1

SUSE-SU-2023:2231-1

SUSE-SU-2023:2646-1

SUSE-SU-2023:2809-1

UBUNTU-CVE-2022-2196

USN-5976-1

USN-5977-1

USN-5978-1

USN-5979-1

USN-5980-1

USN-5982-1

USN-5985-1

USN-5987-1

USN-6004-1

USN-6020-1

USN-6151-1

Related

Published

2023-01-09T11:15:10Z

Modified

2025-08-09T20:01:27Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a

References

Affected packages