PT-2025-13370 · Linux · Linux Kernel
Published 2023-11-07 · Updated 2025-09-29 · CVE-2023-53024
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The vulnerability is a kernel pointer leak caused by an insufficient speculative store bypass (SSB, Spectre v4) mitigation in the Linux kernel's BPF (Berkeley Packet Filter) verifier. The verifier's existing mitigation inserts an lfence after a pointer is spilled to the BPF stack, but not when a stack slot that holds a spilled pointer is later overwritten with a scalar. Under SSB the CPU may execute a subsequent load from that slot before the scalar store has retired, so the load speculatively returns the old pointer value while the verifier has already typed the slot as a scalar. This speculative pointer-as-scalar type confusion lets a malicious BPF program feed the raw pointer value into a conditional branch and recover it through a branch-based cache side channel, disclosing kernel addresses. The fix sanitizes (fences) scalar writes to any stack slot that previously contained a pointer.
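The mechanism described above, as an added example that is not part of this advisory or of the kernel's own bpf_verifier code: a C model of the verifier's decision whether an lfence follows a store to a BPF stack slot, together with a model of what a later load can observe under speculative store bypass. The slot tracking, the instruction format, the rule names old_rule and fixed_rule, and the two sample programs are constructed for illustration; the real verifier tracks far more state (bounds, register IDs, partial spills). The model also includes the earlier mitigation's fence after the first write to an uninitialized slot, which the advisory text does not spell out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Illustrative model (not kernel code): a stack slot is reduced to "what
 * kind of value is in it", and SSB is reduced to "a load may observe the
 * value the slot held before the most recent store, unless an lfence was
 * emitted after that store".
 */

#define MAX_SLOTS 8

enum kind { K_INVALID = 0, K_SCALAR, K_POINTER };

struct slot {
	enum kind cur;   /* value the last (architectural) store put here */
	enum kind prev;  /* value the slot held before that store */
	bool fenced;     /* an lfence was emitted after the last store */
};

enum op { OP_STORE, OP_LOAD_AS_SCALAR };

struct insn {
	enum op op;
	int slot;        /* stack slot index; 0 stands for fp-8 */
	enum kind kind;  /* kind of value stored (ignored for loads) */
};

/* A sanitization rule: given the slot's previous contents and the value
 * being stored, decide whether an lfence follows the store. */
typedef bool (*sanitize_fn)(enum kind prev, enum kind stored);

/* Earlier mitigation as modelled here: fence pointer spills and the first
 * write to an uninitialized slot. A scalar overwriting a spilled pointer
 * stays unfenced; that is the gap the advisory describes. */
static bool old_rule(enum kind prev, enum kind stored)
{
	return stored == K_POINTER || prev == K_INVALID;
}

/* Fixed rule: additionally fence a store into a slot that previously
 * contained a pointer, whatever kind of value is being stored. */
static bool fixed_rule(enum kind prev, enum kind stored)
{
	return old_rule(prev, stored) || prev == K_POINTER;
}

/*
 * Run the program under the given rule. Returns true if some load that the
 * verifier types as a scalar (the slot's latest store was a scalar) can
 * speculatively return a stale pointer with no lfence in between, i.e. the
 * pointer-as-scalar type confusion that enables the leak.
 */
static bool can_leak_pointer(const struct insn *prog, size_t n, sanitize_fn rule)
{
	struct slot st[MAX_SLOTS] = { 0 };  /* every slot starts as K_INVALID */

	for (size_t i = 0; i < n; i++) {
		const struct insn *in = &prog[i];
		struct slot *s;

		if (in->slot < 0 || in->slot >= MAX_SLOTS)
			return false;  /* the real verifier rejects such a program */
		s = &st[in->slot];

		if (in->op == OP_STORE) {
			s->fenced = rule(s->cur, in->kind);
			s->prev = s->cur;
			s->cur = in->kind;
		} else if (s->cur == K_SCALAR && s->prev == K_POINTER && !s->fenced) {
			return true;
		}
	}
	return false;
}

/* Constructed program: spill a pointer, overwrite the same slot with a
 * scalar, then read the slot back as a scalar and branch on it. */
static const struct insn leak_pattern[] = {
	{ OP_STORE, 0, K_POINTER },          /* *(fp-8) = r1, r1 is a pointer */
	{ OP_STORE, 0, K_SCALAR },           /* *(fp-8) = 42 */
	{ OP_LOAD_AS_SCALAR, 0, K_INVALID }, /* r2 = *(fp-8); if (r2 & mask) ... */
};

/* Constructed benign program: the slot never held a pointer. */
static const struct insn benign_pattern[] = {
	{ OP_STORE, 1, K_SCALAR },
	{ OP_STORE, 1, K_SCALAR },
	{ OP_LOAD_AS_SCALAR, 1, K_INVALID },
};

#define LEN(a) (sizeof(a) / sizeof((a)[0]))

bool leaks_under_old_rule(void)   { return can_leak_pointer(leak_pattern, LEN(leak_pattern), old_rule); }
bool leaks_under_fixed_rule(void) { return can_leak_pointer(leak_pattern, LEN(leak_pattern), fixed_rule); }
bool benign_leaks_under_old_rule(void) { return can_leak_pointer(benign_pattern, LEN(benign_pattern), old_rule); }

int main(void)
{
	printf("old rule:   %s\n", leaks_under_old_rule() ? "pointer leak possible" : "safe");
	printf("fixed rule: %s\n", leaks_under_fixed_rule() ? "pointer leak possible" : "safe");
	return 0;
}
```

Under old_rule the scalar-typed load in leak_pattern can observe the stale pointer; under fixed_rule the extra lfence after the scalar store closes the window, and the benign pattern is safe under both. The model deliberately ignores that the real verifier skips these Spectre mitigations for privileged programs, which is why restricting unprivileged BPF is the relevant workaround.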
Recommendations
Update to a kernel that contains the upstream fix (commit titled "bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation"), which makes the verifier sanitize scalars that overwrite a stack slot previously holding a pointer. Concretely, the verifier emits an lfence both after a pointer is spilled to the stack and when a pointer in a stack slot is overwritten with a scalar, so a speculatively bypassed store cannot expose the stale pointer to a later load. This advisory lists no specific fixed version; check your distribution's kernel changelog for the commit above.
Until the kernel is patched, restrict BPF to privileged users. The verifier applies its Spectre mitigations only to programs loaded without the capabilities that permit pointer leaks, so the practical attack surface is unprivileged BPF. Confirm it is disabled with: sysctl kernel.unprivileged_bpf_disabled (a value of 1 or 2 means unprivileged bpf() calls are rejected; 1 cannot be cleared without a reboot, 2 can be changed back by an administrator).
Exploit
Memory Leak
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Hat
Red Os
Suse