PT-2023-3677 · Linux+3 · Linux Kernel+3

Alex

Published

2023-06-23

Updated

2026-03-14

CVE-2023-3640

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the init cea offsets() function in the /arch/x86/mm/cpu entry area.c module of the Linux kernel's memory management subsystem. It concerns the accessibility of the per-cpu area of memory to user address space. Exploitation of this issue may allow an attacker to access protected information and potentially escalate their privileges. A feature called 'Randomize per-cpu entry area' was implemented to mitigate similar issues, but despite this, there is still a risk of per-cpu entry area leaks. This could enable a local user to gain access to important data in memory and potentially escalate their privileges on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203CWE-284

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALSA-2025_16919

ALSA-2025_16920

ALSA-2025_18281

ALSA-2025_19102

ALSA-2025_19103

ALSA-2025_19409

ALSA-2025_22800

ALSA-2025_22801

BDU:2023-03962

CVE-2023-3640

ECHO-3758-6C42-61D3

RHSA-2023:6583

RHSA-2023_6583

ROSA-SA-2023-2241

Affected Products

Debian

Linux Kernel

Red Hat

Red Os

PT-2023-3677 · Linux+3 · Linux Kernel+3

CVE-2023-3640

Weakness Enumeration

Related Identifiers

Affected Products

References · 22