PT-2024-14642 · Linux+8 · Linux Kernel+8
Alexander Gordeev
+4
·
Published
2023-12-11
·
Updated
2025-09-29
·
CVE-2023-52597
CVSS v3.1
4.0
Medium
| Vector | AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the KVM: s390: fix setting of fpc register in the Linux kernel. The
kvm arch vcpu ioctl set fpu() function allows setting the floating point control (fpc) register of a guest CPU. The new value is tested for validity by temporarily loading it into the fpc register. However, this may lead to corruption of the fpc register of the host process if an interrupt happens while the value is temporarily loaded and floating point or vector registers are used within the interrupt context. The fix involves removing the test, which results in a change of behavior where invalid values are now accepted instead of the ioctl failing with -EINVAL.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu