CVE-2022-0001: 
vulnerability analysis and mitigation

CVE-2022-0001 is a vulnerability related to non-transparent sharing of branch predictor selectors between contexts in some Intel processors. The vulnerability was discovered and disclosed in March 2022, affecting various Intel processor models. This vulnerability allows an authorized user to potentially enable information disclosure via local access (Intel Advisory, NVD).

The vulnerability stems from the insufficient hardware mitigations added by Intel to their processors to address Spectre-BTI (Branch Target Injection). Researchers Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that these mitigations were not adequate. The vulnerability has a CVSS 3 Severity Score of 6.5 (Medium) (Ubuntu).

A successful exploitation of this vulnerability could allow an attacker to expose sensitive information through local access. On systems running virtualization software like Xen, an attacker might be able to infer the contents of arbitrary host memory, including memory assigned to other guests (OSS Security).

To mitigate the primary known attack vector, it is recommended to disable unprivileged eBPF by using the command 'sudo sysctl kernel.unprivilegedbpfdisabled=1' or 'sudo sysctl kernel.unprivilegedbpfdisabled=2'. For AMD systems with CET-SS, use 'spec-ctrl=bti-thunk=jmp,ibrs' on the command line. Without CET-SS, use 'spec-ctrl=bti-thunk=retpoline' (OSS Security).

Intel has recommended not making any changes by default for this vulnerability. On eIBRS capable hardware, there is uncertainty over the utility of Branch History Injection to an adversary. The risk can be removed by using eIBRS in combination with retpoline (OSS Security).