{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0459", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2023-01-24T09:43:39.956Z", "datePublished": "2023-05-25T13:22:38.338Z", "dateUpdated": "2024-09-26T18:39:17.009Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "kernel", "platforms": ["64 bit"], "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [{"lessThanOrEqual": "74e19ef0ff8061ef55957c3abd71614ef0f42f47", "status": "affected", "version": "4b842e4e25b12951fa10dedb4bc16bc47e3b850c", "versionType": "git"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47"}], "value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u00a074e19ef0ff8061ef55957c3abd71614ef0f42f47"}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-763", "description": "CWE-763 Release of Invalid Pointer or Reference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2023-05-25T13:22:38.338Z"}, "references": [{"url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"}, {"url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47"}], "source": {"discovery": "UNKNOWN"}, "title": "Copy_from_user Spectre-V1 Gadget in Linux Kernel", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:56.155Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c", "tags": ["x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T18:39:01.829060Z", "id": "CVE-2023-0459", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T18:39:17.009Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0459", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2023-01-24T09:43:39.956Z", "datePublished": "2023-05-25T13:22:38.338Z", "dateUpdated": "2024-09-26T18:39:17.009Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "kernel", "platforms": ["64 bit"], "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [{"lessThanOrEqual": "74e19ef0ff8061ef55957c3abd71614ef0f42f47", "status": "affected", "version": "4b842e4e25b12951fa10dedb4bc16bc47e3b850c", "versionType": "git"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47"}], "value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u00a074e19ef0ff8061ef55957c3abd71614ef0f42f47"}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-763", "description": "CWE-763 Release of Invalid Pointer or Reference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2023-05-25T13:22:38.338Z"}, "references": [{"url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"}, {"url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47"}], "source": {"discovery": "UNKNOWN"}, "title": "Copy_from_user Spectre-V1 Gadget in Linux Kernel", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:56.155Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c", "tags": ["x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0459", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T18:39:01.829060Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T18:39:11.159Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "891AEAFE-6900-48E0-A0EA-B80FCE04588D", "versionEndExcluding": "4.14.307", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2513393F-113F-40C1-828E-542A55286974", "versionEndExcluding": "4.19.274", "versionStartIncluding": "4.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "01D7B24C-ACBF-43E4-BA77-9FAF9ECD6941", "versionEndExcluding": "5.4.233", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A69105CF-22D5-4FE7-A3C6-C80D6CCD0E38", "versionEndExcluding": "5.10.170", "versionStartIncluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5CC1A01-8B90-47FC-A28A-9F870D9F407E", "versionEndExcluding": "5.15.96", "versionStartIncluding": "5.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACB5D831-9547-4DFD-866F-DFFC1E72C13E", "versionEndExcluding": "6.1.14", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "876A1437-FED6-4A5F-A74C-42B5ACC15BC7", "versionEndExcluding": "6.2.1", "versionStartIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u00a074e19ef0ff8061ef55957c3abd71614ef0f42f47"}], "id": "CVE-2023-0459", "lastModified": "2024-11-21T07:37:13.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve-coordination@google.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-25T14:15:09.603", "references": [{"source": "cve-coordination@google.com", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"}, {"source": "cve-coordination@google.com", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-763"}], "source": "cve-coordination@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-763"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1975", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:1988", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-372.9.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}], "bugzilla": {"description": "kernel: Copy_from_user on 64-bit versions may leak kernel information", "id": "2216383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216383"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-402", "details": ["Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u00a074e19ef0ff8061ef55957c3abd71614ef0f42f47", "A vulnerability was found in copy_from_user in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the \"access_ok\" sanity check and pass a kernel pointer to copy_from_user(), resulting in kernel data leaking."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-0459", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-02-15T06:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0459\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0459\nhttps://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"], "threat_severity": "Low"}

{}