CVE-2023-0045: Externally Controlled Reference to a Resource in Another Sphere in Kernel

Severity
7.5 HIGH (NVD)
OSV 8.8 | OSV 7.8 | OSV 6.4 | OSV 5.5
EPSS
0.2%
top 53.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 25
Latest update: Feb 13

Description

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitiga

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (6 packages)

CVEListV5 | linux/linux_kernel | 9137bb27e60e a664ec9158eeddd75121d39c9a0758016097fa96
NVD | linux/linux_kernel | 3.16.68 3.17 +9
Debian | linux/linux_kernel | < 5.10.178-1 +3
Ubuntu | linux/linux_kernel | < 4.15.0-208.220 +3
debian | debian/linux | < linux 6.1.7-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Vulnerability Details (24)

OSV | CVE-2023-0045: The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall | 2023-04-25
OSV | linux-snapdragon vulnerabilities | 2023-04-19
OSV | linux-intel-iotg vulnerabilities | 2023-04-11
OSV | linux-gcp vulnerabilities | 2023-04-11
OSV | linux-bluefield vulnerabilities | 2023-04-05

Vendor Advisories (27)

CISA ICS | Siemens SCALANCE W700 | 2025-02-13
Chrome | Long Term Support Channel Update for ChromeOS: CVE-2023-0045 | 2023-06-21
Ubuntu | Linux kernel (Qualcomm Snapdragon) vulnerabilities | 2023-04-19
Ubuntu | Linux kernel (Intel IoTG) vulnerabilities | 2023-04-11
Ubuntu | Linux kernel (GCP) vulnerabilities | 2023-04-11