Vulnerability Details : CVE-2023-0458
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
Products affected by CVE-2023-0458
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0458
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0458
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.6
|
3.6
|
Google Inc. | |
4.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.0
|
3.6
|
NIST |
CWE ids for CVE-2023-0458
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by:
- cve-coordination@google.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-0458
-
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
[SECURITY] [DLA 3403-1] linux security updateMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
[SECURITY] [DLA 3404-1] linux-5.10 security updateMailing List;Third Party Advisory
-
https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11
prlimit: do_prlimit needs to have a speculation check · torvalds/linux@7397906 · GitHubPatch
-
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8&id2=v6.1.7
kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to