CVE-2023-52482 : In the Linux kernel, the following vulnerability has been resolved: x86/srso: A

In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too.

Published 2024-02-29 06:15:46

Updated 2025-01-13 18:27:11

Source Linux

View at NVD, CVE.org

Products affected by CVE-2023-52482

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.134
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.56
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.5.6
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 5.10.215
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.6 Update RC1
cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.6 Update RC2
cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.6 Update RC3
cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-52482

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-52482

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2025-01-13
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	N/A	N/A	RedHat-CVE-2023-52482	2024-02-29
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-52482

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-52482

https://git.kernel.org/stable/c/e7ea043bc3f19473561c08565047b3f1671bf35d

x86/srso: Add SRSO mitigation for Hygon processors - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/cf43b304b6952b549d58feabc342807b334f03d4

x86/srso: Add SRSO mitigation for Hygon processors - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/6ce2f297a7168274547d0b5aea6c7c16268b8a96

x86/srso: Add SRSO mitigation for Hygon processors - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d

x86/srso: Add SRSO mitigation for Hygon processors - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/f090a8b4d2e3ec6f318d6fdab243a2edc5a8cc37

x86/srso: Add SRSO mitigation for Hygon processors - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

[SECURITY] [DLA 3842-1] linux-5.10 security update
Mailing List

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-52482

Products affected by CVE-2023-52482

Exploit prediction scoring system (EPSS) score for CVE-2023-52482

CVSS scores for CVE-2023-52482

CWE ids for CVE-2023-52482

References for CVE-2023-52482