UBUNTU-CVE-2023-0597

Description

A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Systems

• ubuntu•linux

  all | < 4.15.0-219.230 | < 5.4.0-166.183 | < 5.15.0-79.86

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  all | < 4.15.0-1162.175 | < 5.4.0-1113.123 | < 5.15.0-1042.47

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1041.46~20.04.1

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1113.123~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2101.107 | all | < 5.4.0-1113.123+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1162.175~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1171.186~14.04.1 | < 4.15.0-1171.186~16.04.1 | all | < 5.4.0-1119.126 | < 5.15.0-1045.52

• ubuntu•linux-azure-4.15

  < 4.15.0-1171.186

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1045.52~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1119.126~18.04.2

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | < 5.15.0-1044.51.1

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2080.86 | all | < 5.4.0-1119.126+fips1

• ubuntu•linux-bluefield

  < 5.15.0-1022.24 | < 5.4.0-1074.80 | < 5.15.0-1022.24

• ubuntu•linux-fips

  all | < 4.15.0-1117.128 | < 5.4.0-1088.97

• ubuntu•linux-gcp

  < 4.15.0-1156.173~16.04.1 | all | < 5.4.0-1117.126 | < 5.15.0-1039.47

• ubuntu•linux-gcp-4.15

  < 4.15.0-1156.173

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1039.47~20.04.1

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1117.126~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2064.69 | all | < 5.4.0-1117.126+fips1

• ubuntu•linux-gke

  all | < 5.15.0-1039.44

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  < 5.15.0-1039.44~20.04.1

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1080.84 | < 5.15.0-1025.30

• ubuntu•linux-gkeop-5.15

  < 5.15.0-1025.30~20.04.1

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  < 4.15.0-219.230~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.15

  < 5.15.0-79.86~20.04.2

Showing first 50 affected entries in server-rendered view.

References (17)

• https://ubuntu.com/security/CVE-2023-0597
• https://access.redhat.com/security/cve/CVE-2023-0597
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=97e3d26b5e5f371b3ee223d94dd123e6c442ba80
• https://lore.kernel.org/lkml/Yz%2FmfJ1gjgshF19t@hirez.programming.kicks-ass.net/
• https://gruss.cc/files/prefetch.pdf
• https://ubuntu.com/security/notices/USN-6206-1
• https://ubuntu.com/security/notices/USN-6235-1
• https://ubuntu.com/security/notices/USN-6300-1
• https://ubuntu.com/security/notices/USN-6311-1
• https://ubuntu.com/security/notices/USN-6332-1
• https://ubuntu.com/security/notices/USN-6347-1
• https://ubuntu.com/security/notices/USN-6440-1
• https://ubuntu.com/security/notices/USN-6440-2
• https://ubuntu.com/security/notices/USN-6440-3
• https://ubuntu.com/security/notices/USN-6462-1
• https://ubuntu.com/security/notices/USN-6462-2
• https://www.cve.org/CVERecord?id=CVE-2023-0597