Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-30456

Опубликовано: 10 апр. 2023
Источник: redhat
CVSS3: 6
EPSS Низкий

Описание

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

A flaw was found in the KVM's Intel nested virtualization feature (nVMX). The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances (i.e., kvm_intel module loaded with parameters nested=1 and ept=0) this could allow a malicious guest to crash the host system, causing a denial of service.

Отчет

Red Hat currently provides the nested virtualization feature as a Technology Preview. Nested virtualization is therefore unsupported for production use. For more information please refer to https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.

Меры по смягчению последствий

This vulnerability can be mitigated by disabling the nested virtualization feature:

# modprobe -r kvm_intel # modprobe kvm_intel nested=0

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernel-rtAffected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2023:690114.11.2023
Red Hat Enterprise Linux 8kernelFixedRHSA-2023:707714.11.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2024:093021.02.2024
Red Hat Enterprise Linux 8.8 Extended Update SupportkernelFixedRHSA-2024:140419.03.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:658307.11.2023
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:658307.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-358
https://bugzilla.redhat.com/show_bug.cgi?id=2188468kernel: KVM: nVMX: missing consistency checks for CR0 and CR4

EPSS

Процентиль: 0%
0.00008
Низкий

6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-30456

CVSS3: 6.5
ubuntu
около 2 лет назад

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

nvd логотип

CVE-2023-30456

CVSS3: 6.5
nvd
около 2 лет назад

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

msrc логотип

CVE-2023-30456

CVSS3: 6.5
msrc
около 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-30456

CVSS3: 6.5
debian
около 2 лет назад

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kern ...

github логотип

GHSA-88gp-69jr-39m4

CVSS3: 7.8
github
около 2 лет назад

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

EPSS

Процентиль: 0%
0.00008
Низкий

6 Medium

CVSS3