Incorrect indirect branch prediction barrier in the Linux Kernel
CVE-2023-0045

7.5HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
25 April 2023

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2023-0045?

A security flaw exists in the implementation of the prctl syscall within the Linux Kernel, where an Immediate Buffer Partitioning Boundary (IBPB) is not executed promptly during the syscall execution. Instead, the IBPB is triggered only on the subsequent scheduling, compromising the task's Thread Information Flags (TIFs). As a result, the system remains exposed to potential exploitation from values already placed in the Branch Target Buffer (BTB) before the execution of the prctl syscall. To mitigate these risks, it is crucial to upgrade to versions released after commit a664ec9158eeddd75121d39c9a0758016097fa96.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux Kernel 9137bb27e60e

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-0045
Created by es0j

CVE-2023-0045
Created by ASkyeye

References

https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758...
https://lists.debian.org/debian-lts-announce/2023/05/msg0...
https://lists.debian.org/debian-lts-announce/2023/05/msg0...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

JSON
.