CVE-2023-52481

Summary

In the Linux kernel, the following vulnerability has been resolved:

arm64: errata: Add Cortex-A520 speculative unprivileged load workaround

Implement the workaround for ARM Cortex-A520 erratum 2966298. On an affected Cortex-A520 core, a speculatively executed unprivileged load might leak data from a privileged load via a cache side channel. The issue only exists for loads within a translation regime with the same translation (e.g. same ASID and VMID). Therefore, the issue only affects the return to EL0.

The workaround is to execute a TLBI before returning to EL0 after all loads of privileged data. A non-shareable TLBI to any address is sufficient.

The workaround isn't necessary if page table isolation (KPTI) is enabled, but for simplicity it will be. Page table isolation should normally be disabled for Cortex-A520 as it supports the CSV3 feature and the E0PD feature (used when KASLR is enabled).

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0be7320a635c2e434e8b67e0e9474a85ceb421c4 < 6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372caffected
LinuxLinux0be7320a635c2e434e8b67e0e9474a85ceb421c4 < 32b0a4ffcaea44a00a61e40c0d1bcc50362aee25affected
LinuxLinux0be7320a635c2e434e8b67e0e9474a85ceb421c4 < 471470bc7052d28ce125901877dd10e4c048e513affected
LinuxLinux3.7affected
LinuxLinux0 < 3.7unaffected
LinuxLinux6.1.57 <= 6.1.*unaffected
LinuxLinux6.5.7 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References