Lucene search

[email protected]CVE-2023-0045

HistoryApr 25, 2023 - 11:15 p.m.

CVE-2023-0045

2023-04-2523:15:09

CWE-610

[email protected]

web.nvd.nist.gov

148

prctl syscall

kernel 4.9.176

ibpb

tifs

spec_ctrl msr

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.

We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

Affected configurations

NVD

Node

linuxlinux_kernelRange3.16.68–3.17

linuxlinux_kernelRange4.4.180–4.5

linuxlinux_kernelRange4.9.176–4.10

linuxlinux_kernelRange4.14.86–4.14.303

linuxlinux_kernelRange4.19.7–4.19.270

linuxlinux_kernelRange4.20–5.4.229

linuxlinux_kernelRange5.5.0–5.10.163

linuxlinux_kernelRange5.11–5.15.87

linuxlinux_kernelRange5.16–6.0.19

linuxlinux_kernelRange6.1–6.1.5

Node

debiandebian_linuxMatch10.0

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph410sMatch-

AND

netapph410s_firmwareMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt3.17
linux:linux_kernellinux linux kernellt4.5
linux:linux_kernellinux linux kernellt4.10
linux:linux_kernellinux linux kernellt4.14.303
linux:linux_kernellinux linux kernellt4.19.270
linux:linux_kernellinux linux kernellt5.4.229
linux:linux_kernellinux linux kernellt5.10.163
linux:linux_kernellinux linux kernellt5.15.87
linux:linux_kernellinux linux kernellt6.0.19
linux:linux_kernellinux linux kernellt6.1.5

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	3.17
linux:linux_kernel	linux linux kernel	lt	4.5
linux:linux_kernel	linux linux kernel	lt	4.10
linux:linux_kernel	linux linux kernel	lt	4.14.303
linux:linux_kernel	linux linux kernel	lt	4.19.270
linux:linux_kernel	linux linux kernel	lt	5.4.229
linux:linux_kernel	linux linux kernel	lt	5.10.163
linux:linux_kernel	linux linux kernel	lt	5.15.87
linux:linux_kernel	linux linux kernel	lt	6.0.19
linux:linux_kernel	linux linux kernel	lt	6.1.5

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "kernel",
    "product": "Linux Kernel",
    "repo": "https://git.kernel.org",
    "vendor": "Linux",
    "versions": [
      {
        "lessThan": "a664ec9158eeddd75121d39c9a0758016097fa96",
        "status": "affected",
        "version": "9137bb27e60e",
        "versionType": "git"
      }
    ]
  }
]