7.5

CVE-2023-0045

Exploit

EPSS 0.25%
Published 25.04.2023 23:15:09
Last modified 13.02.2025 17:15:52
Source cve-coordination@google.com
Teams watchlist Login
Open Login

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.

We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.16.68 < 3.17

Linux ≫ Linux Kernel Version >= 4.4.180 < 4.5

Linux ≫ Linux Kernel Version >= 4.9.176 < 4.10

Linux ≫ Linux Kernel Version >= 4.14.86 < 4.14.303

Linux ≫ Linux Kernel Version >= 4.19.7 < 4.19.270

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.229

Linux ≫ Linux Kernel Version >= 5.5.0 < 5.10.163

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.87

Linux ≫ Linux Kernel Version >= 5.16 < 6.0.19

Linux ≫ Linux Kernel Version >= 6.1 < 6.1.5

Debian ≫ Debian Linux Version10.0

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.478

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve-coordination@google.com	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

Third Party Advisory

Mailing List

https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96

Patch

Mailing List

https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8

Third Party Advisory

Exploit

https://security.netapp.com/advisory/ntap-20230714-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0045

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0045

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0045

EUVD