CVE-2023-0459: Copy_from_user Spectre-V1 Gadget in Linux Kernel
First published: Thu May 25 2023(Updated: )
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
Credit: cve-coordination@google.com cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <4.14.307 | |
| Linux Kernel | >=4.19.0<4.19.274 | |
| Linux Kernel | >=5.4.0<5.4.233 | |
| Linux Kernel | >=5.10.0<5.10.170 | |
| Linux Kernel | >=5.15.0<5.15.96 | |
| Linux Kernel | >=6.1.0<6.1.14 | |
| Linux Kernel | >=6.2.0<6.2.1 | |
| Linux Kernel | <2023-02-21 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c
- https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47
- https://launchpad.net/bugs/cve/CVE-2023-0459
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0459
- https://nvd.nist.gov/vuln/detail/CVE-2023-0459
- https://security-tracker.debian.org/tracker/CVE-2023-0459
- https://ubuntu.com/security/CVE-2023-0459
- https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
- https://git.kernel.org/linus/74e19ef0ff8061ef55957c3abd71614ef0f42f47
Frequently Asked Questions
What is the severity of CVE-2023-0459?
CVE-2023-0459 has been assigned a high severity due to its potential for sensitive information leakage.
How do I fix CVE-2023-0459?
To fix CVE-2023-0459, upgrade your Linux kernel to a version beyond commit 74 or to one of the recommended fixed versions.
Which versions are affected by CVE-2023-0459?
CVE-2023-0459 affects 64-bit versions of the Linux kernel prior to 4.14.307, between 4.19.0 and 4.19.274, between 5.4.0 and 5.4.233, between 5.10.0 and 5.10.170, between 5.15.0 and 5.15.96, and between 6.1.0 and 6.1.14.
What type of attack does CVE-2023-0459 enable?
CVE-2023-0459 enables an attacker to bypass the access checks, potentially leaking sensitive information from the kernel.
Is CVE-2023-0459 specific to any particular Linux distribution?
CVE-2023-0459 is not limited to a specific Linux distribution as it affects the Linux kernel itself.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- agent/title
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/trending
- agent/event
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-latest
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.19.0
- version/linux kernel/5.4.0
- version/linux kernel/5.10.0
- version/linux kernel/5.15.0
- version/linux kernel/6.1.0
- version/linux kernel/6.2.0
- package-manager/debian