PT-2023-6555 · Kvm+9

Mauro Matteo Cascella +1 · Published 2023-09-28 · Updated 2024-12-19 · CVE-2023-5090

CVSS v3.1: 6.0 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: KVM (affected versions not specified)
Description: A flaw was found in KVM, related to an improper check in the svm_set_x2apic_msr_interception() function. This may allow direct access to host x2APIC MSRs when the guest resets its APIC, potentially leading to a denial of service condition. The issue is associated with an incorrect sequence of actions when switching to xAPIC mode.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Handling of Exceptional Conditions


Weakness Enumeration

Related Identifiers

ALSA-2024:2758
ALSA-2024:4211
ALSA-2024:4352
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-31943
BDU:2023-07317
CESA-2024_4211
CESA-2024_4352
CVE-2023-5090
INFSA-2024_2758
INFSA-2024_4211
INFSA-2024_4352
MGASA-2023-0328
MGASA-2023-0331
RHSA-2024:2758
RHSA-2024:3854
RHSA-2024:3855
RHSA-2024:4211
RHSA-2024:4352
RHSA-2024_2758
RHSA-2024_4211
RHSA-2024_4352
RLSA-2024:4211
RLSA-2024:4352
RXSA-2024:4211
USN-6497-1
USN-6502-1
USN-6502-2
USN-6502-3
USN-6502-4
USN-6503-1
USN-6520-1
USN-6537-1
USN-6572-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Kvm
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu