Bug 2193219 (CVE-2023-0458)

Summary: CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, allarkin, bhu, chwhite, crwood, dbohanno, ddepaula, debarbos, dfreiber, drow, dvlasenk, ezulian, hkrzesin, jarod, jburrell, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, kernel-mgr, kyoshida, ldoskova, lgoncalv, nmurray, ptalbert, qzhao, rogbas, rrobaina, rvrbovsk, scweaver, vkumar, walters, wcosta, williams, wmealing, ycote, zmiele
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 6.2 Doc Type: If docs needed, set a value
Doc Text:
A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2196314, 2196315, 2196316, 2196317, 2214850, 2215015, 2215055, 2215107    
Bug Blocks: 2190088    

Description Guilherme de Almeida Suckevicz 2023-05-04 18:12:54 UTC 
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11.

Reference and upstream patch:
https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11
Comment 10 errata-xmlrpc 2023-08-01 08:59:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4378 https://access.redhat.com/errata/RHSA-2023:4378
Comment 11 errata-xmlrpc 2023-08-01 09:17:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4377 https://access.redhat.com/errata/RHSA-2023:4377
Comment 12 errata-xmlrpc 2023-08-29 09:20:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4814 https://access.redhat.com/errata/RHSA-2023:4814
Comment 13 errata-xmlrpc 2023-08-29 09:20:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4801 https://access.redhat.com/errata/RHSA-2023:4801
Comment 14 errata-xmlrpc 2023-11-14 15:15:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
Comment 15 errata-xmlrpc 2023-11-14 15:20:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077
Comment 18 errata-xmlrpc 2024-01-30 13:21:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0575 https://access.redhat.com/errata/RHSA-2024:0575
Comment 20 errata-xmlrpc 2024-02-07 16:30:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724