CVE-2023-1998
Summary
| CVE | CVE-2023-1998 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-04-21 15:15:00 UTC |
|---|
| Updated | 2023-05-03 15:16:00 UTC |
|---|
| Description | The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.
This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Linux Kernel: Spectre v2 SMT mitigations problem · Advisory · google/security-research · GitHub |
MISC |
github.com |
|
| [SECURITY] [DLA 3403-1] linux security update |
MISC |
lists.debian.org |
Mailing List, Third Party Advisory |
| [SECURITY] [DLA 3404-1] linux-5.10 security update |
MISC |
lists.debian.org |
|
| x86/speculation: Allow enabling STIBP with legacy IBRS · torvalds/linux@6921ed9 · GitHub |
MISC |
github.com |
|
| ???????? |
MISC |
kernel.dance |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160837 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-4377)
- 161147 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-7077)
- 181765 Debian Security Update for linux-5.10 (DLA 3404-1)
- 181768 Debian Security Update for linux (DLA 3403-1)
- 184827 Debian Security Update for linux (CVE-2023-1998)
- 199298 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6033-1)
- 199424 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6172-1)
- 199425 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6171-1)
- 199438 Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-6187-1)
- 199439 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6185-1)
- 199451 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6207-1)
- 199463 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-6223-1)
- 199465 Ubuntu Security Notification for Linux kernel (Xilinx ZynqMP) Vulnerabilities (USN-6222-1)
- 199614 Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6256-1)
- 241878 Red Hat Update for kernel security (RHSA-2023:4377)
- 241886 Red Hat Update for kernel-rt (RHSA-2023:4378)
- 242154 Red Hat Update for kernel (RHSA-2023:5604)
- 242157 Red Hat Update for kernel-rt (RHSA-2023:5603)
- 242434 Red Hat Update for kernel-rt security (RHSA-2023:6901)
- 242451 Red Hat Update for kernel security (RHSA-2023:7077)
- 242855 Red Hat Update for kernel (RHSA-2024:0412)
- 355138 Amazon Linux Security Advisory for kernel : ALAS-2023-138
- 355288 Amazon Linux Security Advisory for kernel : ALAS-2023-138
- 355291 Amazon Linux Security Advisory for kernel : ALAS-2023-138
- 355297 Amazon Linux Security Advisory for kernel : ALAS-2023-138
- 355301 Amazon Linux Security Advisory for kernel : ALAS-2023-138
- 355305 Amazon Linux Security Advisory for kernel : ALAS-2023-138
- 355307 Amazon Linux Security Advisory for kernel : ALAS-2023-138
- 355314 Amazon Linux Security Advisory for kernel : ALAS2023-2023-138
- 673393 EulerOS Security Update for kernel (EulerOS-SA-2023-2647)
- 674113 EulerOS Security Update for kernel (EulerOS-SA-2023-2689)
- 753980 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2151-1)
- 753981 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2146-1)
- 753982 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2148-1)
- 753985 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2162-1)
- 754005 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2163-1)
- 754023 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2232-1)
- 755851 SUSE Enterprise Linux Security Update for the linux kernel (SUSE-SU-2023:2646-1)
- 906894 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26372-1)
- 906902 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26368-1)
- 907090 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (26234-1)
- 907149 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (26261-1)
- 941213 AlmaLinux Security Update for kernel (ALSA-2023:4377)
- 941214 AlmaLinux Security Update for kernel-rt (ALSA-2023:4378)
- 941453 AlmaLinux Security Update for kernel (ALSA-2023:7077)
- 960961 Rocky Linux Security Update for kernel-rt (RLSA-2023:4378)
