CVE-2023-0459

Copy_from_user Spectre-V1 Gadget in Linux Kernel

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

A vulnerability was found in copy_from_user in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the "access_ok" sanity check and pass a kernel pointer to copy_from_user(), resulting in kernel data leaking.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-01-24 CVE Reserved
2023-05-16 CVE Published
2024-09-26 CVE Updated
2024-12-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CWE-763: Release of Invalid Pointer or Reference

CAPEC

CAPEC-129: Pointer Manipulation

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c	2023-06-06
https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47	2023-06-06

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-0459	2022-05-10
https://bugzilla.redhat.com/show_bug.cgi?id=2216383	2022-05-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.307 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.307"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.0 < 4.19.274 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.0 < 4.19.274"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.0 < 5.4.233 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.0 < 5.4.233"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.0 < 5.10.170 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.0 < 5.10.170"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.0 < 5.15.96 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.0 < 5.15.96"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.0 < 6.1.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.0 < 6.1.14"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2.0 < 6.2.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2.0 < 6.2.1"		-		Affected