Bug 2193219 (CVE-2023-0458) - CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c
Summary: CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kern...
Keywords:
Status: NEW
Alias: CVE-2023-0458
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2196314 2196315 2196316 2196317 2214850 2215015 2215055 2215107
Blocks: 2190088
TreeView+ depends on / blocked
 
Reported: 2023-05-04 18:12 UTC by Guilherme de Almeida Suckevicz
Modified: 2025-06-02 15:27 UTC (History)
45 users (show)

Fixed In Version: kernel 6.2
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:7268 0 None None None 2023-11-15 18:24:51 UTC
Red Hat Product Errata RHBA-2023:7328 0 None None None 2023-11-16 11:39:00 UTC
Red Hat Product Errata RHBA-2023:7338 0 None None None 2023-11-16 18:04:22 UTC
Red Hat Product Errata RHBA-2023:7343 0 None None None 2023-11-20 01:58:53 UTC
Red Hat Product Errata RHBA-2023:7346 0 None None None 2023-11-20 09:25:53 UTC
Red Hat Product Errata RHSA-2023:4377 0 None None None 2023-08-01 09:17:33 UTC
Red Hat Product Errata RHSA-2023:4378 0 None None None 2023-08-01 08:59:26 UTC
Red Hat Product Errata RHSA-2023:4801 0 None None None 2023-08-29 09:20:52 UTC
Red Hat Product Errata RHSA-2023:4814 0 None None None 2023-08-29 09:20:08 UTC
Red Hat Product Errata RHSA-2023:6901 0 None None None 2023-11-14 15:15:35 UTC
Red Hat Product Errata RHSA-2023:7077 0 None None None 2023-11-14 15:20:55 UTC
Red Hat Product Errata RHSA-2024:0575 0 None None None 2024-01-30 13:21:32 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:30:14 UTC

Description Guilherme de Almeida Suckevicz 2023-05-04 18:12:54 UTC 
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11.

Reference and upstream patch:
https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11
Comment 10 errata-xmlrpc 2023-08-01 08:59:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4378 https://access.redhat.com/errata/RHSA-2023:4378
Comment 11 errata-xmlrpc 2023-08-01 09:17:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4377 https://access.redhat.com/errata/RHSA-2023:4377
Comment 12 errata-xmlrpc 2023-08-29 09:20:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4814 https://access.redhat.com/errata/RHSA-2023:4814
Comment 13 errata-xmlrpc 2023-08-29 09:20:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4801 https://access.redhat.com/errata/RHSA-2023:4801
Comment 14 errata-xmlrpc 2023-11-14 15:15:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
Comment 15 errata-xmlrpc 2023-11-14 15:20:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077
Comment 18 errata-xmlrpc 2024-01-30 13:21:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0575 https://access.redhat.com/errata/RHSA-2024:0575
Comment 20 errata-xmlrpc 2024-02-07 16:30:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
Note You need to log in before you can comment on or make changes to this bug.