CVE-2023-5090 — Improper Handling of Exceptional Conditions in Kernel

CWE-755 — Improper Handling of Exceptional Conditions CWE-703 — Improper Check or Handling of Exceptional Conditions20 documents10 sources

Severity

5.5MEDIUMNVD

CNA6.0

EPSS

0.0%

top 88.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux

Timeline

PublishedNov 6

Latest updateJan 9

Description

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianlinux/linux_kernel< 6.1.64-1+2

▶NVDlinux/linux_kernel6.5+1

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2024-01-09

▶

OSV

linux-oem-6.1 vulnerabilities↗2023-11-21

▶

GHSA

GHSA-f67c-8m2w-79hm: A flaw was found in KVM↗2023-11-06

▶

CVEList

Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs↗2023-11-06

▶

OSV

CVE-2023-5090: A flaw was found in KVM↗2023-11-06

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2024-01-09

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2023-12-06

▶

Ubuntu

Linux kernel vulnerabilities↗2023-11-30

▶

Ubuntu

Linux kernel (NVIDIA) vulnerabilities↗2023-11-28

▶

Ubuntu

Linux kernel (StarFive) vulnerabilities↗2023-11-28

▶

💬Community

Bugzilla

CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs↗2023-11-06

▶