CVE-2023-0459

CVSS v3.1 5.5 (Medium)
EPSS 0.04 % (10th)
Affected Products 1
Advisories 41

copy_from_user() on 64-bit versions of the Linux kernel does not implement __uaccess_begin_nospec, allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47.

Weaknesses: CWE-763 (Release of Invalid Pointer or Reference)
CVE Status: PUBLISHED
CNA: Google Inc.
Published Date: 2023-05-25 14:15:09 (16 months ago)
Updated Date: 2023-06-06 13:47:53 (15 months ago)

Affected Products


Configuration #1

  Product        CPE23                          From        Up To
  Linux Kernel   cpe:2.3:o:linux:linux_kernel               < 4.14.307
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 4.19.0   < 4.19.274
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 5.4.0    < 5.4.233
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 5.10.0   < 5.10.170
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 5.15.0   < 5.15.96
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 6.1.0    < 6.1.14
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 6.2.0    < 6.2.1
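
As an added example (not part of the original advisory page), the affected ranges listed above can be checked against a `uname -r` style release string. The function names are hypothetical, and the check assumes upstream version numbering: distribution kernels that backport the fix without changing the upstream version will still be reported as listed.

```python
import re
import sys

# Rows copied from the "Configuration #1" table:
# (inclusive lower bound or None, exclusive upper bound = first fixed release).
AFFECTED = [
    (None,       (4, 14, 307)),
    ((4, 19, 0), (4, 19, 274)),
    ((5, 4, 0),  (5, 4, 233)),
    ((5, 10, 0), (5, 10, 170)),
    ((5, 15, 0), (5, 15, 96)),
    ((6, 1, 0),  (6, 1, 14)),
    ((6, 2, 0),  (6, 2, 1)),
]

def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # A missing patch level (e.g. "6.2") is treated as 0.
    return tuple(int(g) if g else 0 for g in m.groups())

def affected_range(release):
    """Return the matching (low, high) table row, or None if no row matches.

    None only means the table has no row for that version; branches the
    table does not list (for example 4.15 to 4.18) are not evaluated.
    """
    v = parse_release(release)
    for low, high in AFFECTED:
        if (low is None or v >= low) and v < high:
            return low, high
    return None

def report(release):
    hit = affected_range(release)
    if hit is None:
        return f"{release}: not in a listed affected range"
    fixed = ".".join(map(str, hit[1]))
    return f"{release}: listed as affected, first fixed release {fixed}"

if __name__ == "__main__":
    # Constructed sample release strings; pass real ones as arguments instead.
    samples = sys.argv[1:] or ["5.15.95", "5.15.96", "5.4.0-150-generic", "6.2.1"]
    for s in samples:
        print(report(s))
```
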