admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2023/0xxx/CVE-2023-0045.json

109 lines
4.3 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2023-01-04 11:00:37 +00:00
{
"-Synchronized-Data."
2023-04-25 23:00:35 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2023-01-04 11:00:37 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0045",
"-Synchronized-Data."
2023-04-25 23:00:35 +00:00
"ASSIGNER": "security@google.com",
"STATE": "PUBLIC"
"-Synchronized-Data."
2023-01-04 11:00:37 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2023-04-25 23:00:35 +00:00
"value": "The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set \u00a0function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. \u00a0The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit\u00a0a664ec9158eeddd75121d39c9a0758016097fa96\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"cweId": "CWE-610"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9137bb27e60e",
"version_value": "a664ec9158eeddd75121d39c9a0758016097fa96"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96",
"refsource": "MISC",
"name": "https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96"
"-Synchronized-Data."
2023-05-03 01:00:35 +00:00
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
"-Synchronized-Data."
2023-05-03 14:00:38 +00:00
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
"-Synchronized-Data."
2023-07-18 08:00:33 +00:00
},
{
"url": "https://security.netapp.com/advisory/ntap-20230714-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230714-0001/"
"-Synchronized-Data."
2023-07-23 02:00:33 +00:00
},
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8",
"refsource": "MISC",
"name": "https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8"
"-Synchronized-Data."
2023-04-25 23:00:35 +00:00
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
"-Synchronized-Data."
2023-01-04 11:00:37 +00:00
}
]
}
}
Reference in New Issue Copy Permalink