CVE-2023-46813

7HIGH

Key Information

Vendor: Linux
Status: Linux Kernel
Vendor: CVE Published:; 27 October 2023

Badges

👾 Exploit Exists🔴 Public PoC

Summary

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2023-46813-poc
Created by Freax13

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 27, 2023
Vulnerability Reserved.
Oct 27, 2023
👾
Exploit exists.
May 29, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)