CVE-2023-30456

EPSS 0.01%
Veröffentlicht 10.04.2023 02:15:06
Zuletzt bearbeitet 19.03.2025 16:15:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.2.8

Linux ≫ Linux Kernel Version6.3 Updaterc1

Linux ≫ Linux Kernel Version6.3 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.006

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8

Patch

https://github.com/torvalds/linux/commit/112e66017bff7f2837030f34c2bc19501e9212d5

Release Notes

https://security.netapp.com/advisory/ntap-20230511-0007/

https://nvd.nist.gov/vuln/detail/CVE-2023-30456

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30456

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30456

EUVD