CVE-2023-1513

Published: Mar 23, 2023Modified: Feb 25, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.

Affected (5)

Products: Linux: Linux Kernel · Fedoraproject: Fedora · Redhat: Enterprise Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 6.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

CWE-665

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (10)

https://bugzilla.redhat.com/show_bug.cgi?id=2179892

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952

Source: secalert@redhat.com

Patch

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

Source: secalert@redhat.com

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Source: secalert@redhat.com

https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh%40linuxfoundation.org/

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2179892