1. Home
  2. Vulnerabilities
  3. CVE-2023-0458

CVE-2023-0458

CVSS v3.1 4.7 (Medium)
47% Progress
EPSS 0.04 % (15th)
0.04% Progress
Affected Products 2
Advisories 22
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11

Weaknesses
CWE-476
NULL Pointer Dereference
CVE Status
PUBLISHED
CNA
Google Inc.
Published Date
2023-04-26 19:15:08
(16 months ago)
Updated Date
2023-05-09 13:58:53
(16 months ago)

Affected Products

Debian

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 6.1.8 version cpe:2.3:o:linux:linux_kernel < 6.1.8
  Linux Kernel 6.2 Rc1 cpe:2.3:o:linux:linux_kernel:6.2:rc1
  Linux Kernel 6.2 Rc2 cpe:2.3:o:linux:linux_kernel:6.2:rc2
  Linux Kernel 6.2 Rc3 cpe:2.3:o:linux:linux_kernel:6.2:rc3
  Linux Kernel 6.2 Rc4 cpe:2.3:o:linux:linux_kernel:6.2:rc4

Configuration #2

    CPE23 From Up To
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0