CVE-2022-4543

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. The vulnerability is related to the lack of protection for service data, which can be exploited to obtain the Kernel ASLR base address and gain access to kernel memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203CWE-200

Related Identifiers

AZL-12989

AZL-34862

BDU:2023-00001

CVE-2022-4543

ECHO-2DDC-4A3F-877A

Affected Products

Debian

Linux Kernel

CVE-2022-4543

Weakness Enumeration

Related Identifiers

Affected Products

References · 26