Source: Ubuntu.com (ubuntucve), UB:CVE-2023-1513
Date: Mar 23, 2023 - 12:00 a.m.

CVE-2023-1513

Tags: kvm, information leak, debugregs, 32-bit, security

CVSS3: 3.3

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.1 (Confidence: Low)

EPSS: 0.001 (Percentile: 17.7%)

A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on
32-bit systems, there might be some uninitialized portions of the
kvm_debugregs structure that could be copied to userspace, causing an
information leak.

Notes

cascardo: restricted info leak, only available to kvm group

sbeattie: WRT the break commit, there are two ways to look at this CVE: to consider it covering that the commit 97e69aa62f8b “KVM: x86: fix information leak to userland” (v2.6.37-rc2) incompletely fixed the information disclosure, or that it covers the information disclosure in its entirety. We have chosen to interpret it as the former here, as more than debugregs leaks were attempted to be covered by commit 97e69aa62f8b. This is despite the fact that it does not appear that a CVE was issued for the original kernel memory disclosure issue. If the interpretation is the latter, then the break commit would be a1efbe77c1fd “KVM: x86: Add support for saving&restoring debug registers” (v2.6.35-rc1).

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < 4.15.0-211.222 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < 5.4.0-149.166 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < 5.15.0-72.79 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux | < 5.19.0-42.43 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1156.169 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1102.110 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1036.40 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1025.26 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1036.40~20.04.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1103.111~18.04.1 | UNKNOWN |

Showing rows 1-10 of 741.
