{"api_version":"1","generated_at":"2026-04-22T23:52:26+00:00","cve":"CVE-2023-0458","urls":{"html":"https://cve.report/CVE-2023-0458","api":"https://cve.report/api/cve/CVE-2023-0458.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-0458","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-0458"},"summary":{"title":"CVE-2023-0458","description":"A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11","state":"PUBLIC","assigner":"security@google.com","published_at":"2023-04-26 19:15:00","updated_at":"2023-05-09 13:58:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8&id2=v6.1.7","name":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8&id2=v6.1.7","refsource":"MISC","tags":[],"title":"kernel/git/stable/linux.git - Linux kernel stable tree","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html","name":"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3403-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11","name":"https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11","refsource":"MISC","tags":[],"title":"prlimit: do_prlimit needs to have a speculation check · torvalds/linux@7397906 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html","name":"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3404-1] linux-5.10 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-0458","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0458","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"458","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"458","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"458","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.2","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"458","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.2","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"458","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.2","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"458","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.2","cpe7":"rc4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-0458","qid":"160719","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12375)"},{"cve":"CVE-2023-0458","qid":"160837","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-4377)"},{"cve":"CVE-2023-0458","qid":"161147","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-7077)"},{"cve":"CVE-2023-0458","qid":"181765","title":"Debian Security Update for linux-5.10 (DLA 3404-1)"},{"cve":"CVE-2023-0458","qid":"181768","title":"Debian Security Update for linux (DLA 3403-1)"},{"cve":"CVE-2023-0458","qid":"184967","title":"Debian Security Update for linux (CVE-2023-0458)"},{"cve":"CVE-2023-0458","qid":"199343","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6079-1)"},{"cve":"CVE-2023-0458","qid":"199353","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6091-1)"},{"cve":"CVE-2023-0458","qid":"199354","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6096-1)"},{"cve":"CVE-2023-0458","qid":"199356","title":"Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-6093-1)"},{"cve":"CVE-2023-0458","qid":"199385","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6134-1)"},{"cve":"CVE-2023-0458","qid":"199465","title":"Ubuntu Security Notification for Linux kernel (Xilinx ZynqMP) Vulnerabilities (USN-6222-1)"},{"cve":"CVE-2023-0458","qid":"199614","title":"Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6256-1)"},{"cve":"CVE-2023-0458","qid":"199617","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6254-1)"},{"cve":"CVE-2023-0458","qid":"199764","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6385-1)"},{"cve":"CVE-2023-0458","qid":"199775","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6341-1)"},{"cve":"CVE-2023-0458","qid":"241878","title":"Red Hat Update for kernel security (RHSA-2023:4377)"},{"cve":"CVE-2023-0458","qid":"241886","title":"Red Hat Update for kernel-rt (RHSA-2023:4378)"},{"cve":"CVE-2023-0458","qid":"242434","title":"Red Hat Update for kernel-rt security (RHSA-2023:6901)"},{"cve":"CVE-2023-0458","qid":"242451","title":"Red Hat Update for kernel security (RHSA-2023:7077)"},{"cve":"CVE-2023-0458","qid":"242789","title":"Red Hat Update for kernel (RHSA-2024:0575)"},{"cve":"CVE-2023-0458","qid":"242890","title":"Red Hat Update for kernel (RHSA-2024:0724)"},{"cve":"CVE-2023-0458","qid":"355255","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-127"},{"cve":"CVE-2023-0458","qid":"355287","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-127"},{"cve":"CVE-2023-0458","qid":"355294","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-127"},{"cve":"CVE-2023-0458","qid":"355295","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-127"},{"cve":"CVE-2023-0458","qid":"355300","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-127"},{"cve":"CVE-2023-0458","qid":"355303","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-127"},{"cve":"CVE-2023-0458","qid":"355309","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-127"},{"cve":"CVE-2023-0458","qid":"355312","title":"Amazon Linux Security Advisory for kernel : ALAS2023-2023-127"},{"cve":"CVE-2023-0458","qid":"378701","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0030)"},{"cve":"CVE-2023-0458","qid":"378710","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0079)"},{"cve":"CVE-2023-0458","qid":"379043","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)"},{"cve":"CVE-2023-0458","qid":"390285","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2023-0017)"},{"cve":"CVE-2023-0458","qid":"390286","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2023-0018)"},{"cve":"CVE-2023-0458","qid":"390292","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for None (OVMSA-2023-0016)"},{"cve":"CVE-2023-0458","qid":"673214","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2383)"},{"cve":"CVE-2023-0458","qid":"673232","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2357)"},{"cve":"CVE-2023-0458","qid":"673261","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2614)"},{"cve":"CVE-2023-0458","qid":"673272","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2584)"},{"cve":"CVE-2023-0458","qid":"673393","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2647)"},{"cve":"CVE-2023-0458","qid":"673498","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-3132)"},{"cve":"CVE-2023-0458","qid":"674113","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2689)"},{"cve":"CVE-2023-0458","qid":"906883","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26412-1)"},{"cve":"CVE-2023-0458","qid":"906930","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26415-1)"},{"cve":"CVE-2023-0458","qid":"941213","title":"AlmaLinux Security Update for kernel (ALSA-2023:4377)"},{"cve":"CVE-2023-0458","qid":"941214","title":"AlmaLinux Security Update for kernel-rt (ALSA-2023:4378)"},{"cve":"CVE-2023-0458","qid":"941453","title":"AlmaLinux Security Update for kernel (ALSA-2023:7077)"},{"cve":"CVE-2023-0458","qid":"960961","title":"Rocky Linux Security Update for kernel-rt (RLSA-2023:4378)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-0458","ASSIGNER":"security@google.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-476 NULL Pointer Dereference","cweId":"CWE-476"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Linux","product":{"product_data":[{"product_name":"Linux Kernel","version":{"version_data":[{"version_affected":"<=","version_name":"0","version_value":"6.1.8"}]}}]}}]}},"references":{"reference_data":[{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8&id2=v6.1.7","refsource":"MISC","name":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8&id2=v6.1.7"},{"url":"https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11","refsource":"MISC","name":"https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11"},{"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"},{"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"INTERNAL"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-04-26 19:15:00","lastModifiedDate":"2023-05-09 13:58:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":1,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}