exploitDog

CVE-2023-0045

Опубликовано: 25 апр. 2023

Источник: nvd

CVSS3: 4.7

CVSS3: 7.5

EPSS Низкий

Описание

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.

We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

Ссылки

https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96
Mailing List
Patch
https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230714-0001/
Third Party Advisory
https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96
Mailing List
Patch
https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230714-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.16.68 (включая) до 3.17 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.4.180 (включая) до 4.5 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.9.176 (включая) до 4.10 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.14.86 (включая) до 4.14.303 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.19.7 (включая) до 4.19.270 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.229 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5.0 (включая) до 5.10.163 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.87 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 6.0.19 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.1 (включая) до 6.1.5 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00223

Низкий

4.7 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-610

CWE-610

Связанные уязвимости

CVE-2023-0045

CVSS3: 4.7

ubuntu

почти 3 года назад

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

CVE-2023-0045

CVSS3: 4.7

redhat

около 3 лет назад

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

CVE-2023-0045

CVSS3: 4.7

debian

почти 3 года назад

The current implementation of the prctl syscall does not issue an IBPB ...

BDU:2023-00749

CVSS3: 7.5

fstec

около 3 лет назад

Уязвимость функции ib_prctl_set() ядра операционной системы Linux, позволяющая нарушителю получить доступ к защищаемой информации.

SUSE-SU-2023:0485-1

suse-cvrf

почти 3 года назад

Security update for the Linux Kernel

EPSS

Процентиль: 45%

0.00223

Низкий

4.7 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-610

CWE-610