CVE-2023-1637
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Kernel | Linux kernel 5.18-rc2 | affected |
Weaknesses
- CWE-226: CWE-226 -> CWE-385 -> CWE-200
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463
- https://sourceware.org/bugzilla/show_bug.cgi?id=27398
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463
- https://sourceware.org/bugzilla/show_bug.cgi?id=27398
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.