PT-2022-6506 · Linux+7 · Linux Kernel+7

Neelima Krishnan

·

Published

2022-04-05

·

Updated

2025-02-19

·

CVE-2023-1637

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw in the Linux kernel's X86 CPU Power management options functionality was found, related to the speculative execution behavior kind of attacks. This issue arises when a user resumes the CPU from suspend-to-RAM, potentially allowing a local user to gain unauthorized access to some CPU memory. The flaw is also associated with the use of hidden timing channels for data transmission when processing model-specific registers (MSR), which could enable an attacker to access protected information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALSA-2023:5069
ALSA-2023:5091
ALT-PU-2023-1979
BDU:2023-01794
CESA-2023_5244
CESA-2023_5255
CVE-2023-1637
OESA-2023-1215
OESA-2023-1229
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
RHSA-2023:4789
RHSA-2023:5069
RHSA-2023:5091
RHSA-2023:5244
RHSA-2023:5255
RHSA-2023:5628
RHSA-2023:5794
RHSA-2023_5069
RHSA-2023_5091
RHSA-2023_5244
RHSA-2023_5255
RLSA-2023:5091
SUSE-SU-2023:1802-1
SUSE-SU-2023:1897-1
SUSE-SU-2023:1992-1
SUSE-SU-2023:2502-1
SUSE-SU-2023:2611-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2651-1
SUSE-SU-2023:2804-1
SUSE-SU-2023:2808-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2822-1
SUSE-SU-2023:2830-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:3324-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse