Back to bug 2217523
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Alex | 2023-06-26 14:27:37 UTC | Depends On | | 2217524 |
| Alex | 2023-06-26 14:30:49 UTC | Comment | 1 | updated |
| Product Security DevOps Team | 2023-06-26 18:04:36 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | NOTABUG |
| | | Last Closed | | 2023-06-26 18:04:36 UTC |
| Alex | 2023-07-09 11:33:15 UTC | Status | CLOSED | NEW |
| | | Resolution | NOTABUG | --- |
| | | Keywords | | Reopened |
| Alex | 2023-07-09 11:36:49 UTC | Depends On | | 2221483, 2221486, 2221484, 2221485 |
| Alex | 2023-07-12 15:03:51 UTC | Comment | 0 | updated |
| Alex | 2023-07-12 15:31:00 UTC | Doc Text | | A possible memory leak flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stack(s) or other important data. Comparing to previous similar CVE-2023-0597, discovered that the per-cpu entry area could also be mapped to the user space. As a result, the prefetchnta and prefetcht2 instructions allows to leak the per-cpu entry area. This issue could allow a local user to gain access to some important data with expected location in memory and as result potentially escalate their privileges on the system. |
| Alex | 2023-07-12 15:33:17 UTC | Doc Text | A possible memory leak flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stack(s) or other important data. Comparing to previous similar CVE-2023-0597, discovered that the per-cpu entry area could also be mapped to the user space. As a result, the prefetchnta and prefetcht2 instructions allows to leak the per-cpu entry area. This issue could allow a local user to gain access to some important data with expected location in memory and as result potentially escalate their privileges on the system. | A possible memory leak flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stack(s) or other important data. Comparing to the previous similar CVE-2023-0597, discovered that the per-cpu entry area could also be mapped to the user space with the prefetchnta and prefetcht2 instructions that as result allows to leak the per-cpu entry area even if the fix for the CVE-2023-0597 already applied. This issue could allow a local user to gain access to some important data with expected location in memory and as result potentially escalate their privileges on the system. |
| Alex | 2023-07-12 15:34:45 UTC | Doc Text | A possible memory leak flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stack(s) or other important data. Comparing to the previous similar CVE-2023-0597, discovered that the per-cpu entry area could also be mapped to the user space with the prefetchnta and prefetcht2 instructions that as result allows to leak the per-cpu entry area even if the fix for the CVE-2023-0597 already applied. This issue could allow a local user to gain access to some important data with expected location in memory and as result potentially escalate their privileges on the system. | A possible unauthorized memory access flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stack(s) or other important data. Comparing to the previous similar CVE-2023-0597, discovered that the per-cpu entry area could also be mapped to the user space with the prefetchnta and prefetcht2 instructions that as result allows to leak the per-cpu entry area even if the fix for the CVE-2023-0597 already applied. This issue could allow a local user to gain access to some important data with expected location in memory and as result potentially escalate their privileges on the system. |
| Alex | 2023-07-12 15:38:18 UTC | Summary | Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function | CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function |
| | | Alias | | CVE-2023-3640 |
| Alex | 2023-07-12 15:46:01 UTC | Summary | CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function | CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space |
| Paige Jung | 2023-07-12 17:43:37 UTC | Doc Text | A possible unauthorized memory access flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stack(s) or other important data. Comparing to the previous similar CVE-2023-0597, discovered that the per-cpu entry area could also be mapped to the user space with the prefetchnta and prefetcht2 instructions that as result allows to leak the per-cpu entry area even if the fix for the CVE-2023-0597 already applied. This issue could allow a local user to gain access to some important data with expected location in memory and as result potentially escalate their privileges on the system. | A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system. |