CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
61.1%
The current implementation of the prctl syscall does not issue an IBPB
immediately during the syscall. The ib_prctl_set function updates the
Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR
on the function __speculation_ctrl_update, but the IBPB is only issued on
the next schedule, when the TIF bits are checked. This leaves the victim
vulnerable to values already injected on the BTB, prior to the prctl
syscall. The patch that added the support for the conditional mitigation
via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend
upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96
Author | Note |
---|---|
rodrigo-zaiden | USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, it got fixed in version 4.15.0-1147.163~16.04.1 as published in USN-6009-1. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-208.220 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-144.161 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-69.76 | UNKNOWN |
ubuntu | 22.10 | noarch | linux | < 5.19.0-38.39 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-237.271 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1153.166 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1097.105 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1033.37 | UNKNOWN |
ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1022.23 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1002.2 | UNKNOWN |
git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?id=e8377f0456fb6738a4668d4df16c13d7599925fd
git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=a664ec9158eeddd75121d39c9a0758016097fa96
github.com/es0j/CVE-2023-0045
launchpad.net/bugs/cve/CVE-2023-0045
nvd.nist.gov/vuln/detail/CVE-2023-0045
security-tracker.debian.org/tracker/CVE-2023-0045
ubuntu.com/security/notices/USN-5884-1
ubuntu.com/security/notices/USN-5913-1
ubuntu.com/security/notices/USN-5914-1
ubuntu.com/security/notices/USN-5915-1
ubuntu.com/security/notices/USN-5917-1
ubuntu.com/security/notices/USN-5924-1
ubuntu.com/security/notices/USN-5926-1
ubuntu.com/security/notices/USN-5927-1
ubuntu.com/security/notices/USN-5934-1
ubuntu.com/security/notices/USN-5939-1
ubuntu.com/security/notices/USN-5940-1
ubuntu.com/security/notices/USN-5951-1
ubuntu.com/security/notices/USN-5970-1
ubuntu.com/security/notices/USN-5975-1
ubuntu.com/security/notices/USN-5979-1
ubuntu.com/security/notices/USN-5981-1
ubuntu.com/security/notices/USN-5982-1
ubuntu.com/security/notices/USN-5984-1
ubuntu.com/security/notices/USN-5987-1
ubuntu.com/security/notices/USN-5991-1
ubuntu.com/security/notices/USN-6000-1
ubuntu.com/security/notices/USN-6004-1
ubuntu.com/security/notices/USN-6009-1
ubuntu.com/security/notices/USN-6030-1
www.cve.org/CVERecord?id=CVE-2023-0045
www.openwall.com/lists/oss-security/2023/02/03/1