CVE-2023-0045

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

History

02 Aug 2023, 17:12

Type Values Removed Values Added
References (MISC) https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 - (MISC) https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 - Exploit, Third Party Advisory

23 Jul 2023, 02:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 -

21 Jul 2023, 19:21

Type Values Removed Values Added
References (MISC) https://security.netapp.com/advisory/ntap-20230714-0001/ - (MISC) https://security.netapp.com/advisory/ntap-20230714-0001/ - Third Party Advisory
CPE cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

18 Jul 2023, 08:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20230714-0001/ -

05 May 2023, 15:54

Type Values Removed Values Added
References (MISC) https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html - (MISC) https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html - Mailing List, Third Party Advisory
References (MISC) https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html - (MISC) https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html - Mailing List, Third Party Advisory
References (MISC) https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 - (MISC) https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 - Mailing List, Patch
CWE CWE-610
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

03 May 2023, 14:15

Type Values Removed Values Added
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html -

03 May 2023, 01:15

Type Values Removed Values Added
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html -

25 Apr 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-25 23:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-0045

Mitre link : CVE-2023-0045

CVE.ORG link : CVE-2023-0045


JSON object : View

Products Affected

netapp

  • h300s
  • h410c_firmware
  • h300s_firmware
  • h410c
  • h500s
  • active_iq_unified_manager
  • h500s_firmware
  • h700s_firmware
  • h700s
  • h410s
  • h410s_firmware

debian

  • debian_linux

linux

  • linux_kernel
CWE
CWE-610

Externally Controlled Reference to a Resource in Another Sphere