CVE-2023-3640
Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
Reserved 2023-07-12 | Published 2023-07-24 | Updated 2025-04-15 | Assigner redhat| 2023-06-26: | Reported to Red Hat. |
| 2023-06-23: | Made public. |
Red Hat would like to thank 77pray (Syclover Security Team) for reporting this issue.
access.redhat.com/errata/RHSA-2023:6583 (RHSA-2023:6583)
access.redhat.com/security/cve/CVE-2023-3640
bugzilla.redhat.com/show_bug.cgi?id=2217523 (RHBZ#2217523)
Support options
