CVE-2023-4155: Time-of-check Time-of-use (TOCTOU) Race Condition in Redhat Enterprise Linux

Severity
NVD: 5.6 MEDIUM
CNA: 5.3
OSV: 7.0
OSV: 5.7
EPSS
0.0% (top 98.15%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 13
Latest update: Oct 31

Description

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or, potentially, a guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 1.1 | Impact: 4.0

Affected Packages (2 packages)

Debian: linux/linux_kernel < 6.1.52-1+2
Ubuntu: linux/linux_kernel < 5.15.0-86.96

Also affects: Enterprise Linux 8.0, 9.0, Fedora 37, 38

Patches

🔴 Vulnerability Details (12)

OSV: linux-nvidia-6.2 vulnerabilities (2023-10-31)
OSV: linux-intel-iotg-5.15 vulnerabilities (2023-10-24)
OSV: linux-intel-iotg vulnerabilities (2023-10-19)
OSV: linux-raspi vulnerabilities (2023-10-19)
OSV: linux-hwe-5.15, linux-oracle-5.15 vulnerabilities (2023-10-06)

📋 Vendor Advisories (10)

Ubuntu: Linux kernel (NVIDIA) vulnerabilities (2023-10-31)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2023-10-19)
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2023-10-19)
Ubuntu: Linux kernel vulnerabilities (2023-10-06)
Ubuntu: Linux kernel vulnerabilities (2023-10-05)

💬 Community (1)

Bugzilla: CVE-2023-4155 kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability (2023-06-09)

Source: cvebase (CVE-2023-4155 — Redhat Enterprise Linux vulnerability)