How severe is CVE-2022-2196?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-2196?

This is classified as CWE-1188, which is a common weakness in software security.

CVE-2022-2196 - HIGH Severity | CVSS 8.8

Vulnerability Description

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a

Related Vulnerabilities

CVE-2017-6684

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnera...

CWE-11882017

CVE-2017-6685

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, ...

CWE-11882017

CVE-2017-6686

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected...

CWE-11882017

CVE-2017-6687

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default cre...

CWE-11882017

CVE-2017-6688

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerabili...

CWE-11882017

CVE-2017-6689

HIGH

CVSS:8.8(High)

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administ...

CWE-11882017