CVE-2023-52481
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
Implement the workaround for ARM Cortex-A520 erratum 2966298. On an affected Cortex-A520 core, a speculatively executed unprivileged load might leak data from a privileged load via a cache side channel. The issue only exists for loads within a translation regime with the same translation (e.g. same ASID and VMID). Therefore, the issue only affects the return to EL0.
The workaround is to execute a TLBI before returning to EL0 after all loads of privileged data. A non-shareable TLBI to any address is sufficient.
The workaround isn't necessary if page table isolation (KPTI) is enabled, but for simplicity it will be. Page table isolation should normally be disabled for Cortex-A520 as it supports the CSV3 feature and the E0PD feature (used when KASLR is enabled).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0be7320a635c2e434e8b67e0e9474a85ceb421c4 < 6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c | affected |
| Linux | Linux | 0be7320a635c2e434e8b67e0e9474a85ceb421c4 < 32b0a4ffcaea44a00a61e40c0d1bcc50362aee25 | affected |
| Linux | Linux | 0be7320a635c2e434e8b67e0e9474a85ceb421c4 < 471470bc7052d28ce125901877dd10e4c048e513 | affected |
| Linux | Linux | 3.7 | affected |
| Linux | Linux | 0 < 3.7 | unaffected |
| Linux | Linux | 6.1.57 <= 6.1.* | unaffected |
| Linux | Linux | 6.5.7 <= 6.5.* | unaffected |
| Linux | Linux | 6.6 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c
- https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25
- https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513
References
- https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c
- https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25
- https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.