CVE-2022-2196

Updated: 2026-02-27 00:23:18.235964

Description:

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 8.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 8.8 HIGH Already Fixed 2024-01-18 13:09:49
CentOS 6 ELS kernel 2.6.32 8.8 HIGH Not Vulnerable 2024-02-16 08:36:38 Not affected: in this environment, guests do not have direct access to MSR_IA32_SPEC_CTRL (KVM inter...
CentOS 7 ELS kernel 3.10.0 8.8 HIGH Released CLSA-2024:1730801690 2024-11-22 12:19:41
CentOS 8.4 ELS kernel 4.18.0 8.8 HIGH Released CLSA-2023:1686585068 2023-06-13 09:08:07
CentOS 8.5 ELS kernel 4.18.0 8.8 HIGH Released CLSA-2023:1686651204 2023-06-13 09:08:08
CentOS Stream 8 ELS kernel 4.18.0 8.8 HIGH Already Fixed 2024-10-12 05:24:20
CloudLinux 6 ELS kernel 2.6.32 8.8 HIGH Not Vulnerable 2023-09-21 14:13:37
CloudLinux 7 ELS kernel 3.10.0 8.8 HIGH Not Vulnerable 2024-10-23 01:29:49 Not affected: CVE-2022-2196 stems from upstream commit 5c911beff20a (“KVM: nVMX: Skip IBPB when sw...
Oracle Linux 6 ELS kernel 2.6.32 8.8 HIGH Not Vulnerable 2024-02-16 08:36:38 Not affected: in this environment, guests do not have direct access to MSR_IA32_SPEC_CTRL (KVM inter...
RHEL 7 ELS kernel 3.10.0 8.8 HIGH Released CLSA-2025:1750353839 2025-06-20 04:45:02
Total: 13