CVE-2023-30456
Advisory lineage Upstream: 0 Downstream: 32
Modified
Published: 10 Apr 2023, 00:00
Last modified:19 Mar 2025, 15:43
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
v3.1 (cve.org)
EPSS Score
0.02% LOW
0% probability +0.01%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
10 Apr 2023, 00:00
Published
Vulnerability first disclosed
19 Mar 2025, 15:43
Last Modified
Vulnerability information updated
Description
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.02%• Percentile: 7%
Techniques & Countermeasures
- CWE-754•Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Affected Systems
- linux•linux_kernel
< 6.2.8 | 6.3:rc1 | 6.3:rc2
References (6)
- https://github.com/torvalds/linux/commit/112e66017bff7f2837030f34c2bc19501e9212d5
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://security.netapp.com/advisory/ntap-20230511-0007/
- http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html