Bug 2193219 (CVE-2023-0458) - CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c
Summary: CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kern...
Keywords:
Status: NEW
Alias: CVE-2023-0458
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2196314 2196315 2196316 2196317 2214850 2215015 2215055 2215107
Blocks: 2190088
TreeView+ depends on / blocked
 
Reported: 2023-05-04 18:12 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-02-08 16:52 UTC (History)
46 users (show)

Fixed In Version: kernel 6.2
Doc Type: If docs needed, set a value
Doc Text:
A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:7268 0 None None None 2023-11-15 18:24:51 UTC
Red Hat Product Errata RHBA-2023:7328 0 None None None 2023-11-16 11:39:00 UTC
Red Hat Product Errata RHBA-2023:7338 0 None None None 2023-11-16 18:04:22 UTC
Red Hat Product Errata RHBA-2023:7343 0 None None None 2023-11-20 01:58:53 UTC
Red Hat Product Errata RHBA-2023:7346 0 None None None 2023-11-20 09:25:53 UTC
Red Hat Product Errata RHSA-2023:4377 0 None None None 2023-08-01 09:17:33 UTC
Red Hat Product Errata RHSA-2023:4378 0 None None None 2023-08-01 08:59:26 UTC
Red Hat Product Errata RHSA-2023:4801 0 None None None 2023-08-29 09:20:52 UTC
Red Hat Product Errata RHSA-2023:4814 0 None None None 2023-08-29 09:20:08 UTC
Red Hat Product Errata RHSA-2023:6901 0 None None None 2023-11-14 15:15:35 UTC
Red Hat Product Errata RHSA-2023:7077 0 None None None 2023-11-14 15:20:55 UTC
Red Hat Product Errata RHSA-2024:0575 0 None None None 2024-01-30 13:21:32 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:30:14 UTC

Description Guilherme de Almeida Suckevicz 2023-05-04 18:12:54 UTC
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11.

Reference and upstream patch:
https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11

Comment 10 errata-xmlrpc 2023-08-01 08:59:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4378 https://access.redhat.com/errata/RHSA-2023:4378

Comment 11 errata-xmlrpc 2023-08-01 09:17:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4377 https://access.redhat.com/errata/RHSA-2023:4377

Comment 12 errata-xmlrpc 2023-08-29 09:20:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4814 https://access.redhat.com/errata/RHSA-2023:4814

Comment 13 errata-xmlrpc 2023-08-29 09:20:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4801 https://access.redhat.com/errata/RHSA-2023:4801

Comment 14 errata-xmlrpc 2023-11-14 15:15:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901

Comment 15 errata-xmlrpc 2023-11-14 15:20:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077

Comment 18 errata-xmlrpc 2024-01-30 13:21:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0575 https://access.redhat.com/errata/RHSA-2024:0575

Comment 20 errata-xmlrpc 2024-02-07 16:30:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724


Note You need to log in before you can comment on or make changes to this bug.