Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
History

Thu, 26 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published: 2023-05-25T13:22:38.338Z

Updated: 2024-09-26T18:39:17.009Z

Reserved: 2023-01-24T09:43:39.956Z

Link: CVE-2023-0459

cve-icon Vulnrichment

Updated: 2024-08-02T05:10:56.155Z

cve-icon NVD

Status : Modified

Published: 2023-05-25T14:15:09.603

Modified: 2024-11-21T07:37:13.187

Link: CVE-2023-0459

cve-icon Redhat

Severity : Low

Publid Date: 2020-02-15T06:30:00Z

Links: CVE-2023-0459 - Bugzilla