Published: 2023-02-21
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security features bypass
EUVDB-ID: #VU72469
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-0045
CWE-ID: CWE-254 - Security Features
Exploit availability: Yes
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to Linux kernel does not correctly mitigate SMT attacks. A local user can bypass Spectre-BTI user space mitigations and gain access to sensitive information.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel: All versions
CPE2.3
External links
http://github.com/es0j/CVE-2023-0045http://bugzilla.redhat.com/show_bug.cgi?id=2167288
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
Support the originator by clicking the read the rest link below.