CVE-2023-0597

Published: Feb 23, 2023Modified: Mar 12, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.

Affected (1)

Products: Linux: Linux Kernel

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Version 6.2 rc1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (5)

http://www.openwall.com/lists/oss-security/2023/07/28/1

Source: secalert@redhat.com

https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80

Source: secalert@redhat.com

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2023/07/28/1

Source: af854a3a-2127-422b-91ae-364da2661108

https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://www.openwall.com/lists/oss-security/2023/07/28/1

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.