A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00136}

epss

{'score': 0.0014}


Wed, 16 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9

Tue, 15 Apr 2025 11:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/a:redhat:enterprise_linux:9::nfv
cpe:/a:redhat:enterprise_linux:9::realtime
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 05 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T02:25:39.751Z

Reserved: 2023-07-12T15:37:45.552Z

Link: CVE-2023-3640

cve-icon Vulnrichment

Updated: 2024-08-02T07:01:57.304Z

cve-icon NVD

Status : Modified

Published: 2023-07-24T16:15:13.063

Modified: 2025-04-15T12:15:17.840

Link: CVE-2023-3640

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-06-23T00:00:00Z

Links: CVE-2023-3640 - Bugzilla

cve-icon OpenCVE Enrichment

No data.