THREATINT
PUBLISHED

CVE-2023-3640

Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions are used for the per-cpu entry area mapping to the user space



Description

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.

Reserved 2023-07-12 | Published 2023-07-24 | Updated 2025-04-15 | Assigner redhat


HIGH: 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Observable Discrepancy

Product status

Default status
affected

0:5.14.0-362.8.1.el9_3 before *
unaffected

Default status
affected

0:5.14.0-362.8.1.el9_3 before *
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Timeline

2023-06-26: Reported to Red Hat.
2023-06-23: Made public.

Credits

Red Hat would like to thank 77pray (Syclover Security Team) for reporting this issue.

References

access.redhat.com/errata/RHSA-2023:6583 (RHSA-2023:6583) vendor-advisory

access.redhat.com/security/cve/CVE-2023-3640 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2217523 (RHBZ#2217523) issue-tracking

cve.org (CVE-2023-3640)

nvd.nist.gov (CVE-2023-3640)
