CVE-2023-1513
Advisory lineage Upstream: 0 Downstream: 39
Modified
Published: 23 Mar 2023, 00:00
Last modified:25 Feb 2025, 19:33
Vulnerability Summary
Overall Risk (default)
low
13/100 CVSS Score
3.3 LOW
v3.1 (cve.org)
EPSS Score
0.02% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 Mar 2023, 00:00
Published
Vulnerability first disclosed
25 Feb 2025, 19:33
Last Modified
Vulnerability information updated
Description
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
CVSS Metrics
- v3.1•LOW•Score: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Trends
Current EPSS score: 0.02%• Percentile: 7%
Techniques & Countermeasures
- CWE-665•Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Affected Systems
- fedoraproject•fedora
37
- linux•linux_kernel
< 6.2
- redhat•enterprise_linux
7.0 | 8.0 | 9.0
References (5)
- https://bugzilla.redhat.com/show_bug.cgi?id=2179892
- https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh%40linuxfoundation.org/
- https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html