PT-2024-14592 · Linux+4 · Linux Kernel+4

Published

2024-02-28

Updated

2026-05-26

CVE-2023-52481

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A speculatively executed unprivileged load on an affected Cortex-A520 core might leak data from a privileged load via a cache side channel. The issue only exists for loads within a translation regime with the same translation, and it only affects the return to EL0. The workaround is to execute a TLBI before returning to EL0 after all loads of privileged data. A non-shareable TLBI to any address is sufficient. This workaround is not necessary if page table isolation (KPTI) is enabled.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1300

Related Identifiers

AZL-59471

BDU:2025-12937

CVE-2023-52481

OPENSUSE-SU-2024_1322-1

OPENSUSE-SU-2024_1322-2

OPENSUSE-SU-2024_1332-1

OPENSUSE-SU-2024_1332-2

OPENSUSE-SU-2024_1466-1

OPENSUSE-SU-2024_1480-1

OPENSUSE-SU-2024_1490-1

SUSE-SU-2024:1466-1

SUSE-SU-2024:1480-1

SUSE-SU-2024:1490-1

Affected Products

Astra Linux

Debian

Linux Kernel

Red Os

Suse

PT-2024-14592 · Linux+4 · Linux Kernel+4

CVE-2023-52481

Weakness Enumeration

Related Identifiers

Affected Products

References · 464