Bug 2193219 (CVE-2023-0458) - CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c
Summary: CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kern...
Keywords:
Status: NEW
Alias: CVE-2023-0458
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2196314 2196315 2196316 2196317 2214850 2215055 2215015 2215107
Blocks: 2190088
TreeView+ depends on / blocked
 
Reported: 2023-05-04 18:12 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-08-01 09:17 UTC (History)
46 users (show)

Fixed In Version: kernel 6.2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:4377 0 None None None 2023-08-01 09:17:33 UTC
Red Hat Product Errata RHSA-2023:4378 0 None None None 2023-08-01 08:59:26 UTC

Description Guilherme de Almeida Suckevicz 2023-05-04 18:12:54 UTC 
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11.

Reference and upstream patch:
https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11
Comment 10 errata-xmlrpc 2023-08-01 08:59:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4378 https://access.redhat.com/errata/RHSA-2023:4378
Comment 11 errata-xmlrpc 2023-08-01 09:17:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4377 https://access.redhat.com/errata/RHSA-2023:4377
Note You need to log in before you can comment on or make changes to this bug.