{"api_version":"1","generated_at":"2026-04-23T00:59:32+00:00","cve":"CVE-2023-5090","urls":{"html":"https://cve.report/CVE-2023-5090","api":"https://cve.report/api/cve/CVE-2023-5090.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-5090","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-5090"},"summary":{"title":"CVE-2023-5090","description":"A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-11-06 11:15:00","updated_at":"2023-11-14 17:01:00"},"problem_types":["CWE-755"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2023-5090","name":"https://access.redhat.com/security/cve/CVE-2023-5090","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248122","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2248122","refsource":"MISC","tags":[],"title":"2248122 – (CVE-2023-5090) CVE-2023-5090 kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-5090","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5090","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"5090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.6","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.6","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.6","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.6","cpe7":"rc4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.6","cpe7":"rc5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.6","cpe7":"rc6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5090","vulnerable":"1","versionEndIncluding":"6.5","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-5090","qid":"160978","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12874)"},{"cve":"CVE-2023-5090","qid":"160982","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2023-12911)"},{"cve":"CVE-2023-5090","qid":"160985","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2023-12910)"},{"cve":"CVE-2023-5090","qid":"161237","title":"Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-13043)"},{"cve":"CVE-2023-5090","qid":"199929","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6497-1)"},{"cve":"CVE-2023-5090","qid":"199933","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6502-1)"},{"cve":"CVE-2023-5090","qid":"199938","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6503-1)"},{"cve":"CVE-2023-5090","qid":"199952","title":"Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6502-2)"},{"cve":"CVE-2023-5090","qid":"199957","title":"Ubuntu Security Notification for Linux kernel (StarFive) Vulnerabilities (USN-6520-1)"},{"cve":"CVE-2023-5090","qid":"199958","title":"Ubuntu Security Notification for Linux kernel (NVIDIA) Vulnerabilities (USN-6502-3)"},{"cve":"CVE-2023-5090","qid":"199973","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6502-4)"},{"cve":"CVE-2023-5090","qid":"199982","title":"Ubuntu Security Notification for Linux kernel (GCP) Vulnerability (USN-6537-1)"},{"cve":"CVE-2023-5090","qid":"356908","title":"Amazon Linux Security Advisory for kernel : ALAS2023-2023-430"},{"cve":"CVE-2023-5090","qid":"356919","title":"Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-026"},{"cve":"CVE-2023-5090","qid":"356921","title":"Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-022"},{"cve":"CVE-2023-5090","qid":"356922","title":"Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-023"},{"cve":"CVE-2023-5090","qid":"356923","title":"Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-024"},{"cve":"CVE-2023-5090","qid":"356924","title":"Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-025"},{"cve":"CVE-2023-5090","qid":"356925","title":"Amazon Linux Security Advisory for kernel-livepatch : ALAS2023LIVEPATCH-2023-021"},{"cve":"CVE-2023-5090","qid":"6140012","title":"AWS Bottlerocket Security Update for kernel (GHSA-h793-mm5x-7p69)"},{"cve":"CVE-2023-5090","qid":"6140051","title":"AWS Bottlerocket Security Update for kernel (GHSA-h793-mm5x-7p69)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-5090","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Check or Handling of Exceptional Conditions","cweId":"CWE-703"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"6.6-rc7","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-5090","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-5090"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248122","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2248122"}]},"work_around":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"credits":[{"lang":"en","value":"This issue was discovered by Maxim Levitsky (Red Hat)."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-11-06 11:15:00","lastModifiedDate":"2023-11-14 17:01:00","problem_types":["CWE-755"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}