Lucene search

GoogleCVE-2023-0459

HistoryMay 25, 2023 - 2:15 p.m.

CVE-2023-0459

2023-05-2514:15:09

CWE-763

Google

web.nvd.nist.gov

371

cve-2023-0459

linux kernel

information leak

access_ok bypass

upgrade

nvd

security vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the “access_ok” check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

Affected configurations

Nvd

Node

linuxlinux_kernelRange<4.14.307

linuxlinux_kernelRange4.19.0–4.19.274

linuxlinux_kernelRange5.4.0–5.4.233

linuxlinux_kernelRange5.10.0–5.10.170

linuxlinux_kernelRange5.15.0–5.15.96

linuxlinux_kernelRange6.1.0–6.1.14

linuxlinux_kernelRange6.2.0–6.2.1

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "kernel",
    "platforms": [
      "64 bit"
    ],
    "product": "Linux Kernel",
    "repo": "https://git.kernel.org",
    "vendor": "Linux",
    "versions": [
      {
        "lessThanOrEqual": "74e19ef0ff8061ef55957c3abd71614ef0f42f47",
        "status": "affected",
        "version": "4b842e4e25b12951fa10dedb4bc16bc47e3b850c",
        "versionType": "git"
      }
    ]
  }
]