
CVE-2023-0045

nvd nist
Published: Apr 25, 2023
Modified: Feb 13, 2025

CVSS score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The current implementation of the prctl syscall does not issue an IBPB (Indirect Branch Prediction Barrier) immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR in the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected into the BTB (Branch Target Buffer) prior to the prctl syscall. The patch that added support for the conditional mitigation via prctl (ib_prctl_set) dates back to kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96.

Affected (17)

1 product: Linux Kernel
1 product: Debian Linux
6 products: Active IQ Unified Manager, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware, H410c Firmware

Configuration A (10 vulnerable)
Vulnerable Software | Affected Versions
Linux | From 3.16.68 to 3.17
Linux | From 4.14.86 to 4.14.303
Linux | From 4.19.7 to 4.19.270
Linux | From 4.20 to 5.4.229
Linux | From 4.4.180 to 4.5
Linux | From 4.9.176 to 4.10
Linux | From 5.11 to 5.15.87
Linux | From 5.16 to 6.0.19
Linux | From 5.5.0 to 5.10.163
Linux | From 6.1 to 6.1.5

Configuration B (1 vulnerable)
Vulnerable Software | Affected Versions
Version 10.0

Configuration C (1 vulnerable)
Vulnerable Software | Affected Versions
All versions

Configuration D (1 vulnerable, 1 platform)
Vulnerable Software | Affected Versions
All versions
Running on/with | Platform Versions
Netapp H300s | All versions

Configuration E (1 vulnerable, 1 platform)
Vulnerable Software | Affected Versions
All versions
Running on/with | Platform Versions
Netapp H500s | All versions

Configuration F (1 vulnerable, 1 platform)
Vulnerable Software | Affected Versions
All versions
Running on/with | Platform Versions
Netapp H700s | All versions

Configuration G (1 vulnerable, 1 platform)
Vulnerable Software | Affected Versions
All versions
Running on/with | Platform Versions
Netapp H410s | All versions

Configuration H (1 vulnerable, 1 platform)
Vulnerable Software | Affected Versions
All versions
Running on/with | Platform Versions
Netapp H410c | All versions

