PT-2023-2015 · Linux+9 · Kvm+9

Xingyuan Mo · Published 2023-02-14 · Updated 2025-02-25 · CVE-2023-1513

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

KVM (affected versions not specified)

Description

A flaw was found in KVM that could cause an information leak when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. This issue is related to uninitialized portions of the kvm_debugregs structure being copied to userspace. The vulnerability is associated with errors in initializing variables in the kvm_vcpu_ioctl_x86_get_debugregs() function of the KVM subsystem in the Linux kernel.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Initialization

Related Identifiers

ALSA-2024:2950
ALSA-2024:3138
ALT-PU-2023-1434
ALT-PU-2023-1539
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-25931
BDU:2023-01726
CESA-2024_2950
CESA-2024_3138
CVE-2023-1513
DLA-3403-1
DLA-3404-1
INFSA-2024_2950
INFSA-2024_3138
OESA-2023-1209
OESA-2023-1210
OESA-2023-1211
OESA-2023-1212
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
RHSA-2024:2950
RHSA-2024:3138
RHSA-2024_2950
RHSA-2024_3138
RLSA-2024:2950
RLSA-2024:3138
SUSE-SU-2023:1800-1
SUSE-SU-2023:1801-1
SUSE-SU-2023:1802-1
SUSE-SU-2023:1803-1
SUSE-SU-2023:1811-1
SUSE-SU-2023:1848-1
SUSE-SU-2023:1892-1
SUSE-SU-2023:1894-1
SUSE-SU-2023:1897-1
SUSE-SU-2023:1992-1
SUSE-SU-2023:2232-1
SUSE-SU-2023:2506-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
USN-6079-1
USN-6080-1
USN-6081-1
USN-6084-1
USN-6085-1
USN-6090-1
USN-6091-1
USN-6092-1
USN-6094-1
USN-6095-1
USN-6096-1
USN-6109-1
USN-6118-1
USN-6132-1
USN-6133-1
USN-6134-1
USN-6222-1
USN-6256-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Kvm
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu