CVE-2023-1998
published 2023-04-21CVE-2023-1998: The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well…
PriorityP432medium5.6CVSS 3.1
AVLACHPRLUINSCCHINAN
EXPLOIT
EPSS
1.38%
68.6th percentile
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.
This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.20-1 (bookworm) | linux 6.1.20-1 (bookworm) |
| linux | linux_kernel | < 6.3 | 6.3 |
| linux | linux_kernel | >= 0 < 5.10.178-1 | 5.10.178-1 |
| linux | linux_kernel | >= 0 < 6.1.20-1 | 6.1.20-1 |
| linux | linux_kernel | >= 0 < 6.1.20-1 | 6.1.20-1 |
| linux | linux_kernel | >= 0 < 6.1.20-1 | 6.1.20-1 |
| linux | linux_kernel | >= 0 < 5.4.0-152.169 | 5.4.0-152.169 |
| linux | linux_kernel | >= 0 < 5.15.0-75.82 | 5.15.0-75.82 |
| linux | linux_kernel | >= 0 < 4.4.0-253.287 | 4.4.0-253.287 |
| linux | linux_kernel | >= 0 < 4.15.0-224.236 | 4.15.0-224.236 |
| msrc | cbl2_hyperv-daemons_5.15.118.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.111.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_hyperv-daemons_5.10.189.1-1_on_cbl_mariner_1.0 | — | — |
| msrc | cm1_kernel_5.10.179.1-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.15.6MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
osv7.0HIGH
vendor_ubuntu7.0HIGH
vendor_debian5.6MEDIUM
vendor_msrc5.6MEDIUM
vendor_redhat5.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-04-19·CVSS 7.0
CVE-2023-1382 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-04-19·CVSS 4.7
CVE-2024-23851 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
It was discovered that the virtio network implementation in the Linux
kernel did not properly handle file references in the host, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-1838)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient
Ubuntu
Linux kernel (IoT) vulnerabilities
vendor_ubuntu·2023-07-27·CVSS 5.5
CVE-2023-2162 [MEDIUM] Linux kernel (IoT) vulnerabilities
Title: Linux kernel (IoT) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon
GPU devices did not properly validate memory allocation in certain
situations, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-3108)
Zheng Wang discovered that the Intel i915 graphics driver in the Linux
kernel did not properly handle certain error conditions, leading to a
double-free. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-3707)
It was discovered that the infrared transceiver USB driver did not properly
handle USB control messages. A local attacker with physica
Ubuntu
Linux kernel (Azure CVM) vulnerabilities
vendor_ubuntu·2023-07-12·CVSS 5.5
CVE-2023-25012 [MEDIUM] Linux kernel (Azure CVM) vulnerabilities
Title: Linux kernel (Azure CVM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)
It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a deni
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities
vendor_ubuntu·2023-07-12·CVSS 5.5
CVE-2023-1380 [MEDIUM] Linux kernel (Xilinx ZynqMP) vulnerabilities
Title: Linux kernel (Xilinx ZynqMP) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon
GPU devices did not properly validate memory allocation in certain
situations, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-3108)
Zheng Wang discovered that the Intel i915 graphics driver in the Linux
kernel did not properly handle certain error conditions, leading to a
double-free. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-3707)
It was discovered that the infrared transceiver USB driver did not properly
handle USB control messages. A local attacker wi
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu·2023-07-06·CVSS 5.5
CVE-2023-1670 [MEDIUM] Linux kernel (Intel IoTG) vulnerabilities
Title: Linux kernel (Intel IoTG) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)
It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a den
Ubuntu
Linux kernel (IBM) vulnerabilities
vendor_ubuntu·2023-06-22·CVSS 5.5
CVE-2023-1079 [MEDIUM] Linux kernel (IBM) vulnerabilities
Title: Linux kernel (IBM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-06-22·CVSS 5.5
CVE-2023-1998 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)
It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of servic
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-06-16·CVSS 5.5
CVE-2023-1998 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2023-04-19·CVSS 5.5
CVE-2023-1076 [MEDIUM] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
Thadeu Cascardo discovered that the io_uring subsystem contained a double-
free vul
Red Hat
kernel: Spectre v2 SMT mitigations problem
vendor_redhat·2023-04-12·CVSS 5.6
CVE-2023-1998 [MEDIUM] CWE-653 kernel: Spectre v2 SMT mitigations problem
kernel: Spectre v2 SMT mitigations problem
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.
This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was
Microsoft
Spectre v2 SMT mitigations problem in Linux kernel
vendor_msrc·2023-04-11·CVSS 5.6
CVE-2023-1998 [MEDIUM] CWE-203 Spectre v2 SMT mitigations problem in Linux kernel
Spectre v2 SMT mitigations problem in Linux kernel
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Google: Google
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.mi
Debian
CVE-2023-1998: linux - The Linux kernel allows userspace processes to enable mitigations by calling prc...
vendor_debian·2023·CVSS 5.6
CVE-2023-1998 [MEDIUM] CVE-2023-1998: linux - The Linux kernel allows userspace processes to enable mitigations by calling prc...
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to p
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2024-04-19·CVSS 7.0
CVE-2022-20422 [HIGH] linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)
Daniele Antonioli discovered that the
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2024-04-19·CVSS 4.7
CVE-2023-1382 [MEDIUM] linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
It was discovered that the virtio network implementation in the Linux
kernel did not properly handle file references in the host, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-1838)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigati
OSV
linux-iot vulnerabilities
osv·2023-07-27·CVSS 5.5
CVE-2022-3108 [MEDIUM] linux-iot vulnerabilities
linux-iot vulnerabilities
Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon
GPU devices did not properly validate memory allocation in certain
situations, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-3108)
Zheng Wang discovered that the Intel i915 graphics driver in the Linux
kernel did not properly handle certain error conditions, leading to a
double-free. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-3707)
It was discovered that the infrared transceiver USB driver did not properly
handle USB control messages. A local attacker with physical access could
plug in a specially crafted USB device to cause a denial of service
OSV
linux-xilinx-zynqmp vulnerabilities
osv·2023-07-12·CVSS 5.5
CVE-2022-3108 [MEDIUM] linux-xilinx-zynqmp vulnerabilities
linux-xilinx-zynqmp vulnerabilities
Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon
GPU devices did not properly validate memory allocation in certain
situations, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-3108)
Zheng Wang discovered that the Intel i915 graphics driver in the Linux
kernel did not properly handle certain error conditions, leading to a
double-free. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-3707)
It was discovered that the infrared transceiver USB driver did not properly
handle USB control messages. A local attacker with physical access could
plug in a specially crafted USB device to cause a denial
OSV
linux-azure-fde vulnerabilities
osv·2023-07-12·CVSS 5.5
CVE-2023-1076 [MEDIUM] linux-azure-fde vulnerabilities
linux-azure-fde vulnerabilities
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)
It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of service (system crash). (CVE-2023-1079)
It was discovered that the Xircom P
OSV
linux-intel-iotg vulnerabilities
osv·2023-07-06·CVSS 5.5
CVE-2023-1076 [MEDIUM] linux-intel-iotg vulnerabilities
linux-intel-iotg vulnerabilities
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)
It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of service (system crash). (CVE-2023-1079)
It was discovered that the Xircom
OSV
linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
osv·2023-06-22·CVSS 5.5
CVE-2023-1076 [MEDIUM] linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)
It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities
osv·2023-06-16·CVSS 5.5
CVE-2022-4269 [MEDIUM] linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (sys
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lo
osv·2023-06-16·CVSS 5.5
CVE-2023-1076 [MEDIUM] linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lo
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)
It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)
It was discovered that the ASUS HID driver in the Linux kern
OSV
CVE-2023-1998: The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature
osv·2023-04-21·CVSS 5.6
CVE-2023-1998 [MEDIUM] CVE-2023-1998: The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to p
OSV
linux-oem-6.1 vulnerabilities
osv·2023-04-19·CVSS 5.5
CVE-2023-1829 [MEDIUM] linux-oem-6.1 vulnerabilities
linux-oem-6.1 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)
William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)
Thadeu Cascardo discovered that the io_uring subsystem contained a double-
free vulnerability in certain memory allocation error conditions. A local
attacker cou
No detection rules found.
No writeups or analysis indexed.
https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crxhttps://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9dhttps://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9dhttps://lists.debian.org/debian-lts-announce/2023/05/msg00005.htmlhttps://lists.debian.org/debian-lts-announce/2023/05/msg00006.htmlhttps://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crxhttps://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9dhttps://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9dhttps://lists.debian.org/debian-lts-announce/2023/05/msg00005.htmlhttps://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
2023-04-21
Published