CVE-2023-1513: Improper Initialization in Kernel

Severity
NVD: 3.3 LOW
OSV: 5.5 / OSV: 4.7
EPSS
0.0% (top 93.53%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 23
Latest update: Aug 21

Description

A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (3 packages)

Debian: linux/linux_kernel < 5.10.178-1 (+3)
Ubuntu: linux/linux_kernel < 4.15.0-211.222 (+2)

Also affects: Fedora 37, Enterprise Linux 7.0, 8.0, 9.0

Patches

Vulnerability Details (20)

OSV: linux-iot vulnerabilities, 2023-07-27
OSV: linux-xilinx-zynqmp vulnerabilities, 2023-07-12
OSV: linux-intel-iotg vulnerabilities, 2023-06-01
OSV: linux-aws-5.4, linux-bluefield vulnerabilities, 2023-06-01
OSV: linux-intel-iotg-5.15 vulnerabilities, 2023-06-01

Vendor Advisories (20)

Red Hat: kernel: io_uring: lock overflowing for IOPOLL, 2024-08-21
Ubuntu: Linux kernel (IoT) vulnerabilities, 2023-07-27
Ubuntu: Linux kernel (Xilinx ZynqMP) vulnerabilities, 2023-07-12
Ubuntu: Linux kernel vulnerabilities, 2023-06-01
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities, 2023-06-01

Community (1)

Bugzilla: CVE-2023-1513 kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems, 2023-03-20