First published: Wed Oct 04 2023(Updated: )
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.
Credit: secteam@freebsd.org secteam@freebsd.org
Affected Software | Affected Version | How to fix |
---|---|---|
FreeBSD FreeBSD | =13.2 | |
=13.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-5370 is a vulnerability that occurs when the check for the SMCCC workaround is called before SMCCC support has been initialized, resulting in no speculative execution workarounds being installed on CPU 0.
CVE-2023-5370 affects FreeBSD 13.2 by leaving CPU 0 vulnerable to speculative execution attacks because the necessary workarounds are not installed.
The severity of CVE-2023-5370 is rated as medium with a severity value of 5.5.
To fix CVE-2023-5370, it is recommended to apply the necessary patches provided by FreeBSD.
You can find more information about CVE-2023-5370 in the advisory published on the FreeBSD Security website.