CVE-2023-52597: Improper Input Validation in Linux

Severity: 4.0 MEDIUM (NVD); OSV 7.5, OSV 6.5, OSV 5.5
EPSS: 0.0% (top 94.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 6
Latest update: Aug 14

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: fix setting of fpc register

kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or v

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Exploitability: 1.4 | Impact: 2.5

Affected Packages (5 packages)

NVD: linux/linux_kernel 4.20 5.4.269 +6
Debian: linux/linux_kernel < 5.10.216-1 +3
Ubuntu: linux/linux_kernel < 5.4.0-181.201 +1
CVEListV5: linux/linux 4725c86055f5bbdcdfe47199c0715881893a2c79 3a04410b0bc7e056e0843ac598825dd359246d18 +8
debian: debian/linux < linux 6.1.82-1 (bookworm)

Also affects: Debian Linux 10.0

Vulnerability Details (19)

OSV: linux-oracle-6.5 vulnerabilities (2024-06-26)
OSV: linux-hwe-6.5 vulnerabilities (2024-06-18)
OSV: linux-nvidia-6.5 vulnerabilities (2024-06-14)
OSV: linux-oem-6.5 vulnerabilities (2024-06-12)
OSV: linux-intel-iotg-5.15 vulnerabilities (2024-06-11)

Vendor Advisories (19)

CISA ICS: Siemens SINEC OS (2025-08-14)
Ubuntu: Linux kernel (Oracle) vulnerabilities (2024-06-26)
Ubuntu: Linux kernel (HWE) vulnerabilities (2024-06-18)
Ubuntu: Linux kernel (NVIDIA) vulnerabilities (2024-06-14)
Ubuntu: Linux kernel (OEM) vulnerabilities (2024-06-12)

Community (1)

Bugzilla: CVE-2023-52597 kernel: KVM: s390: fix setting of fpc register (2024-03-06)