CVE-2023-0458NULL Pointer Dereference in Kernel

CWE-476NULL Pointer Dereference25 documents7 sources
Severity
4.7MEDIUMNVD
OSV5.5
EPSS
0.1%
top 75.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxDebian Linux+6 more
Timeline
PublishedApr 26
Latest updateSep 19

Description

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages11 packages

NVDlinux/linux_kernel< 6.1.8+1
Debianlinux/linux_kernel< 5.10.178-1+3
Ubuntulinux/linux_kernel< 3.13.0-193.244+1
CVEListV5linux/linux_kernel6.1.8
debiandebian/linux< linux 6.1.8-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

10
OSV
linux-oem-6.0 vulnerabilities2023-09-19
OSV
linux vulnerabilities2023-09-06
OSV
linux-iot vulnerabilities2023-07-27
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2023-07-26
OSV
linux-xilinx-zynqmp vulnerabilities2023-07-12

📋Vendor Advisories

13
Ubuntu
Linux kernel (OEM) vulnerabilities2023-09-19
Ubuntu
Linux kernel vulnerabilities2023-09-06
Ubuntu
Linux kernel (IoT) vulnerabilities2023-07-27
Ubuntu
Linux kernel vulnerabilities2023-07-26
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2023-07-12

💬Community

1
Bugzilla
CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c2023-05-04
CVE-2023-0458 — NULL Pointer Dereference in Kernel | cvebase