Published: 24/07/2023 Updated: 07/11/2023

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel -
redhat enterprise linux 8.0
redhat enterprise linux 9.0

DescriptionA possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area ...

CWE-203 https://bugzilla.redhat.com/show_bug.cgi?id=2217523 https://access.redhat.com/security/cve/CVE-2023-3640 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-3640

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-3640

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect