First published: Fri Oct 07 2022
A possible memory leak flaw was found in the Linux kernel's cpu_entry_area mapping of x86 CPU data to memory, in the way a user can guess the location of exception stack(s) or other important data. A local user could use this flaw to get access to important data at an expected location in memory.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/Linux kernel | <6.2 | 6.2 |
Linux Kernel | =6.2-rc1 | |
debian/linux | <=5.10.223-1, <=5.10.226-1, <=6.1.123-1, <=6.1.128-1 | 6.12.12-1, 6.12.13-1 |
IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
IBM Security Verify Governance, Identity Manager | <=ISVG 10.0.2 | |
CVE-2023-0597 has been categorized with medium severity due to the potential for local users to exploit a memory leak.
To resolve CVE-2023-0597, update your Linux kernel to version 6.2 or later, or apply the recommended patches for affected distributions.
CVE-2023-0597 affects local users of specific versions of the Linux kernel, as well as the IBM Security Verify Governance, Identity Manager product.
CVE-2023-0597 may allow unauthorized access to sensitive data mapped in memory, including exception stacks.
No, CVE-2023-0597 requires local access to exploit the memory leak vulnerability.