UBUNTU-CVE-2023-30456

Description

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  < 3.13.0-197.248 | < 4.4.0-241.275 | < 4.15.0-212.223 | < 5.4.0-150.167 | < 5.15.0-73.80

• ubuntu•linux-aws

  < 4.4.0-1119.125 | < 4.4.0-1157.172 | < 4.15.0-1157.170 | < 5.4.0-1103.111 | < 5.15.0-1037.41

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1037.41~20.04.1

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1103.111~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2096.102 | all | < 5.4.0-1103.111+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1157.170~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1166.181~14.04.1 | < 4.15.0-1166.181~16.04.1 | all | < 5.4.0-1109.115 | < 5.15.0-1039.46

• ubuntu•linux-azure-4.15

  < 4.15.0-1166.181

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1039.46~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1109.115~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | < 5.15.0-1039.46.1

• ubuntu•linux-azure-fips

  < 4.15.0-2075.81 | all | < 5.4.0-1109.115+fips1

• ubuntu•linux-bluefield

  < 5.15.0-1017.19 | < 5.4.0-1064.70 | < 5.15.0-1017.19 | all

• ubuntu•linux-fips

  < 4.4.0-1089.96 | all | < 4.15.0-1112.123 | < 5.4.0-1078.87

• ubuntu•linux-gcp

  < 4.15.0-1151.167~16.04.1 | all | < 5.4.0-1106.115 | < 5.15.0-1035.43

• ubuntu•linux-gcp-4.15

  < 4.15.0-1151.167

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1035.43~20.04.1

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1106.115~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2059.64 | all | < 5.4.0-1106.115+fips1

• ubuntu•linux-gke

  < 5.4.0-1100.107 | < 5.15.0-1034.39

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  < 5.15.0-1034.39~20.04.1

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1070.74 | < 5.15.0-1021.26

• ubuntu•linux-gkeop-5.15

  < 5.15.0-1021.26~20.04.1

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  < 4.15.0-212.223~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.15

  < 5.15.0-73.80~20.04.1

• ubuntu•linux-hwe-5.19

  < 5.19.0-43.44~22.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-150.167~18.04.1

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-ibm

  < 5.4.0-1050.55 | < 5.15.0-1031.34

Showing first 50 affected entries in server-rendered view.

References (21)

• https://ubuntu.com/security/CVE-2023-30456
• https://git.kernel.org/linus/112e66017bff7f2837030f34c2bc19501e9212d5
• https://github.com/torvalds/linux/commit/112e66017bff7f2837030f34c2bc19501e9212d5
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8
• https://ubuntu.com/security/notices/USN-6033-1
• https://ubuntu.com/security/notices/USN-6123-1
• https://ubuntu.com/security/notices/USN-6124-1
• https://ubuntu.com/security/notices/USN-6127-1
• https://ubuntu.com/security/notices/USN-6130-1
• https://ubuntu.com/security/notices/USN-6131-1
• https://ubuntu.com/security/notices/USN-6132-1
• https://ubuntu.com/security/notices/USN-6135-1
• https://ubuntu.com/security/notices/USN-6149-1
• https://ubuntu.com/security/notices/USN-6150-1
• https://ubuntu.com/security/notices/USN-6162-1
• https://ubuntu.com/security/notices/USN-6175-1
• https://ubuntu.com/security/notices/USN-6186-1
• https://ubuntu.com/security/notices/USN-6222-1
• https://ubuntu.com/security/notices/USN-6256-1
• https://ubuntu.com/security/notices/USN-6699-1
• https://www.cve.org/CVERecord?id=CVE-2023-30456