{"api_version":"1","generated_at":"2026-04-22T23:52:23+00:00","cve":"CVE-2023-1637","urls":{"html":"https://cve.report/CVE-2023-1637","api":"https://cve.report/api/cve/CVE-2023-1637.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1637","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1637"},"summary":{"title":"CVE-2023-1637","description":"A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-03-27 22:15:00","updated_at":"2023-11-07 04:04:00"},"problem_types":["CWE-212"],"metrics":[],"references":[{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463","name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463","refsource":"MISC","tags":[],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=27398","name":"https://sourceware.org/bugzilla/show_bug.cgi?id=27398","refsource":"MISC","tags":[],"title":"27398 – x86: Improve testing false positive for tst-cpu-features-cpuinfo with bad hardware.","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1637","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1637","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"1637","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.18","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-1637","qid":"160912","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-5069)"},{"cve":"CVE-2023-1637","qid":"181712","title":"Debian Security Update for linux (CVE-2023-1637)"},{"cve":"CVE-2023-1637","qid":"242147","title":"Red Hat Update for kernel (RHSA-2023:5628)"},{"cve":"CVE-2023-1637","qid":"242188","title":"Red Hat Update for kernel-rt (RHSA-2023:5794)"},{"cve":"CVE-2023-1637","qid":"672935","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-1824)"},{"cve":"CVE-2023-1637","qid":"673208","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2315)"},{"cve":"CVE-2023-1637","qid":"673393","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2647)"},{"cve":"CVE-2023-1637","qid":"674113","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-2689)"},{"cve":"CVE-2023-1637","qid":"754120","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2611-1)"},{"cve":"CVE-2023-1637","qid":"754145","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2651-1)"},{"cve":"CVE-2023-1637","qid":"754160","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2808-1)"},{"cve":"CVE-2023-1637","qid":"754167","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2822-1)"},{"cve":"CVE-2023-1637","qid":"754168","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2830-1)"},{"cve":"CVE-2023-1637","qid":"755851","title":"SUSE Enterprise Linux Security Update for the linux kernel (SUSE-SU-2023:2646-1)"},{"cve":"CVE-2023-1637","qid":"941249","title":"AlmaLinux Security Update for kernel (ALSA-2023:5069)"},{"cve":"CVE-2023-1637","qid":"941254","title":"AlmaLinux Security Update for kernel-rt (ALSA-2023:5091)"},{"cve":"CVE-2023-1637","qid":"961015","title":"Rocky Linux Security Update for kernel-rt (RLSA-2023:5091)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-1637","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Kernel","version":{"version_data":[{"version_value":"Linux kernel 5.18-rc2"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-226 -> CWE-385 -> CWE-200"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463"},{"refsource":"MISC","name":"https://sourceware.org/bugzilla/show_bug.cgi?id=27398","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=27398"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks."}]}},"nvd":{"publishedDate":"2023-03-27 22:15:00","lastModifiedDate":"2023-11-07 04:04:00","problem_types":["CWE-212"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}