5.3
CVE-2023-0458
- EPSS 0.14%
- Veröffentlicht 26.04.2023 19:15:08
- Zuletzt bearbeitet 21.11.2024 07:37:13
- Quelle cve-coordination@google.com
- CVE-Watchlists
- Unerledigt
Spectre V1 Gadget in do_prlimit in the Linux Kernel
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 6.1.8
Linux ≫ Linux Kernel Version6.2 Updaterc1
Linux ≫ Linux Kernel Version6.2 Updaterc2
Linux ≫ Linux Kernel Version6.2 Updaterc3
Linux ≫ Linux Kernel Version6.2 Updaterc4
Debian ≫ Debian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.339 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| cve-coordination@google.com | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.