CVE-2023-3640

NameCVE-2023-3640
DescriptionA possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie, jessie (lts)3.16.84-1vulnerable
stretch (security)4.9.320-2vulnerable
stretch (lts), stretch4.9.320-3vulnerable
buster4.19.249-2vulnerable
buster (security)4.19.304-1vulnerable
bullseye5.10.209-2vulnerable
bullseye (security)5.10.205-2vulnerable
bookworm6.1.76-1vulnerable
bookworm (security)6.1.85-1vulnerable
trixie6.6.15-2vulnerable
sid6.7.12-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcejessie(unfixed)end-of-life
linuxsourcestretch(unfixed)end-of-life
linuxsource(unstable)(unfixed)unimportant

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2217523
Search for package or bug name: Reporting problems