CVE-2023-1637

2023-03-2722:15:21

CWE-226

CWE-212

redhat

web.nvd.nist.gov

cve-2023-1637

linux kernel

x86

cpu power management

speculative execution

vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelMatch5.18rc2

VendorProductVersionCPE
linuxlinux_kernel5.18cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	5.18	cpe:2.3:o:linux:linux_kernel:5.18:rc2::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Kernel",
    "versions": [
      {
        "version": "Linux kernel 5.18-rc2",
        "status": "affected"
      }
    ]
  }
]