PT-2023-1383 · Linux+5 · Linux Kernel+5
Rafael Correa De Ysasi +1 · Published 2017-03-17 · Updated 2025-09-29 · CVE-2023-0045
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.9.176
Description
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR in the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.
Recommendations
Upgrade past commit a664ec9158eeddd75121d39c9a0758016097fa96 to mitigate the issue. As a temporary workaround, consider disabling the ib_prctl_set function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the ib_prctl_set function in the affected API endpoint until the issue is resolved.
Exploit
Fix
Related identifiers
Affected products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu
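The userspace side of the path in the Description, as an added example that is not taken from the advisory or the kernel source: a task requests the indirect-branch restriction through prctl (the request ib_prctl_set handles) and reads the state back. The helper names ib_restricted and request_ib_restriction are hypothetical; the PR_* constants are the kernel's prctl interface.

```c
/* Added example: userspace view of the per-task indirect-branch control. */
#include <stdio.h>
#include <sys/prctl.h>

#ifndef PR_SPEC_INDIRECT_BRANCH        /* fallback for old userspace headers */
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_INDIRECT_BRANCH 1
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

/* Decode a PR_GET_SPECULATION_CTRL result (hypothetical helper).
 * 1: indirect branch speculation restricted, 0: still enabled,
 * -1: prctl failed, CPU not affected, or no state reported. */
int ib_restricted(long state)
{
    if (state < 0)
        return -1;
    if (state & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE))
        return 1;
    return (state & PR_SPEC_ENABLE) ? 0 : -1;
}

/* Ask the kernel to restrict indirect branch speculation for this task,
 * then read the state back (hypothetical helper). A result of 1 confirms
 * the task flag only: with the behaviour described above, the IBPB itself
 * is not issued until the next schedule. */
int request_ib_restriction(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
              PR_SPEC_DISABLE, 0, 0) != 0)
        return -1;                     /* errno holds the reason */
    return ib_restricted(prctl(PR_GET_SPECULATION_CTRL,
                               PR_SPEC_INDIRECT_BRANCH, 0, 0, 0));
}

int main(void)
{
    int before = ib_restricted(prctl(PR_GET_SPECULATION_CTRL,
                                     PR_SPEC_INDIRECT_BRANCH, 0, 0, 0));
    int after = request_ib_restriction();
    printf("restricted before=%d after=%d\n", before, after);
    return 0;
}
```

A readback of 1 shows that the task's flag is set, not that a barrier has already been issued, which is why the readback alone cannot rule out the window the Description refers to.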