CVE-2023-0459

CVSS V2 None CVSS V3 None

Description

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

Overview

CVE ID
CVE-2023-0459

Assigner
Google

Vulnerability Status
PUBLISHED

Published Version
2023-05-25T13:22:38.338Z

Last Modified Date
2023-05-25T13:22:38.338Z

Weakness Enumerations

CWE	URL
CWE-763	http://cwe.mitre.org/data/definitions/763.html

References

Reference URL	Reference Tags
https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c
https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-0459
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0459

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 14:35:03				Added to TrackCVE