Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0045

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

Published

2023-04-25T23:15:09.013

Last Modified

2025-02-13T17:15:52.813

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-610
Type: Primary
CWE-610

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 3.17	Yes
Operating System	linux	linux_kernel	< 4.5	Yes
Operating System	linux	linux_kernel	< 4.10	Yes
Operating System	linux	linux_kernel	< 4.14.303	Yes
Operating System	linux	linux_kernel	< 4.19.270	Yes
Operating System	linux	linux_kernel	< 5.4.229	Yes
Operating System	linux	linux_kernel	< 5.10.163	Yes
Operating System	linux	linux_kernel	< 5.15.87	Yes
Operating System	linux	linux_kernel	< 6.0.19	Yes
Operating System	linux	linux_kernel	< 6.1.5	Yes
Operating System	debian	debian_linux	10.0	Yes
Application	netapp	active_iq_unified_manager	-	Yes
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Operating System	netapp	h410c_firmware	-	Yes
Hardware	netapp	h410c	-	No

References

https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 Mailing List, Patch ([email protected])
https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 Exploit, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html Mailing List, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20230714-0001/ Third Party Advisory ([email protected])
https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230714-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)