PT-2023-6490 · Linux+8 · Linux Kernel+8

Tom Dohrmann

·

Publicado

2023-10-09

·

Atualizado

2025-11-11

·

CVE-2023-46813

CVSS v3.1

7.0

Alta

VetorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.9
Description The issue is caused by errors in synchronization when using a shared resource, potentially allowing an attacker to execute arbitrary code. It involves incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses, which could lead to arbitrary write access to kernel memory and thus privilege escalation. This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.
Recommendations For Linux kernel versions prior to 6.5.9, update to version 6.5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to MMIO registers to minimize the risk of exploitation. Avoid using the #VC handler and SEV-ES emulation of MMIO accesses in sensitive operations until the issue is resolved.

Exploit

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALSA-2024:0897
ALSA-2024_0897
ALSA-2024_10939
ALSA-2024_10943
ALSA-2024_10944
ALSA-2024_1607
ALSA-2024_2394
ALSA-2024_2758
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALSA-2025_18281
ALSA-2025_19102
ALSA-2025_19103
ALSA-2025_19409
ALSA-2025_20518
ALT-PU-2023-7472
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-31815
AZL-34802
BDU:2023-07236
CESA-2024_0881
CESA-2024_0897
CVE-2023-46813
DLA-3711-1
DSA-5594-1
ELSA-2024-0461
ELSA-2024-0897
ELSA-2024-12094
ELSA-2024-12159
ELSA-2024-12187
MGASA-2023-0328
MGASA-2023-0331
OESA-2023-1797
OESA-2023-1798
OESA-2023-1799
OPENSUSE-SU-2023_4345-1
OPENSUSE-SU-2023_4351-1
OPENSUSE-SU-2023_4375-1
OPENSUSE-SU-2023_4414-1
OPENSUSE-SU-2023_4732-1
OPENSUSE-SU-2024:13405-1
OPENSUSE-SU-2024:13704-1
RHSA-2024:0431
RHSA-2024:0432
RHSA-2024:0439
RHSA-2024:0448
RHSA-2024:0461
RHSA-2024:0575
RHSA-2024:0724
RHSA-2024:0881
RHSA-2024:0897
RHSA-2024_0461
RHSA-2024_0881
RHSA-2024_0897
SUSE-SU-2023:4345-1
SUSE-SU-2023:4351-1
SUSE-SU-2023:4375-1
SUSE-SU-2023:4414-1
SUSE-SU-2023:4732-1
SUSE-SU-2023_4375-1
SUSE-SU-2023_4414-1
SUSE-SU-2023_4732-1
SUSE-SU-2024:0986-1
SUSE-SU-2024:0995-1
SUSE-SU-2024:1023-1
SUSE-SU-2024:1039-1
SUSE-SU-2024:1045-1
SUSE-SU-2024:1063-1
SUSE-SU-2024:1097-1
USN-6533-1
USN-6624-1
USN-6626-1
USN-6626-2
USN-6626-3
USN-6628-1
USN-6628-2
USN-6652-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu