CVE-2023-5090

2023-11-0600:00:00

ubuntu.com

kvm security flaw

x2apic msrs

denial of service

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A flaw was found in KVM. An improper check in
svm_set_x2apic_msr_interception() may allow direct access to host x2apic
msrs when the guest resets its apic, potentially leading to a denial of
service condition.

Bugs

Notes

Author	Note
	Priority reason: Local guest OS can affect the integrity of host x2APIC, potentially leading to denial of service.

OSVersionArchitecturePackageVersionFilename
ubuntu23.04noarchlinux< 6.2.0-37.38UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-13.13UNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu23.04noarchlinux-aws< 6.2.0-1016.16UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1010.10UNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.2< 6.2.0-1016.16~22.04.1UNKNOWN
ubuntu23.04noarchlinux-azure< 6.2.0-1017.17UNKNOWN
ubuntu23.10noarchlinux-azure< 6.5.0-1009.9UNKNOWN
ubuntu24.04noarchlinux-azure< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.04	noarch	linux	< 6.2.0-37.38	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-13.13	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	23.04	noarch	linux-aws	< 6.2.0-1016.16	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< 6.5.0-1010.10	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.2	< 6.2.0-1016.16~22.04.1	UNKNOWN
ubuntu	23.04	noarch	linux-azure	< 6.2.0-1017.17	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< 6.5.0-1009.9	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< any	UNKNOWN