Incorrect indirect branch prediction barrier in the Linux Kernel
CVE-2023-0045

7.5HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 April 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A security flaw exists in the implementation of the prctl syscall within the Linux Kernel, where an Immediate Buffer Partitioning Boundary (IBPB) is not executed promptly during the syscall execution. Instead, the IBPB is triggered only on the subsequent scheduling, compromising the task's Thread Information Flags (TIFs). As a result, the system remains exposed to potential exploitation from values already placed in the Branch Target Buffer (BTB) before the execution of the prctl syscall. To mitigate these risks, it is crucial to upgrade to versions released after commit a664ec9158eeddd75121d39c9a0758016097fa96.

Affected Version(s)

Linux Kernel 9137bb27e60e

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-0045
Created by es0j

CVE-2023-0045
Created by ASkyeye

References

https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758...

https://lists.debian.org/debian-lts-announce/2023/05/msg0...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2023
🟡
Public PoC available
Feb 7, 2023
👾
Exploit known to exist
Feb 7, 2023
Vulnerability Reserved
Jan 4, 2023