CVE-2023-0045

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

History

02 Aug 2023, 17:12

Type Values Removed Values Added
References (MISC) https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 - (MISC) https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 - Exploit, Third Party Advisory

23 Jul 2023, 02:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 -

21 Jul 2023, 19:21

Type Values Removed Values Added
References (MISC) https://security.netapp.com/advisory/ntap-20230714-0001/ - (MISC) https://security.netapp.com/advisory/ntap-20230714-0001/ - Third Party Advisory
CPE cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
First Time Netapp h410s Firmware
Netapp h500s Firmware
Netapp h300s
Netapp active Iq Unified Manager
Netapp h700s
Netapp h410s
Netapp
Netapp h700s Firmware
Netapp h410c
Netapp h300s Firmware
Netapp h500s
Netapp h410c Firmware

18 Jul 2023, 08:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20230714-0001/ -

Information

Published : 2023-04-25 23:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-0045

Mitre link : CVE-2023-0045

CVE.ORG link : CVE-2023-0045


JSON object : View

Products Affected

netapp

  • h410c_firmware
  • h300s_firmware
  • h500s_firmware
  • h410s_firmware
  • h500s
  • h700s_firmware
  • h410s
  • h410c
  • h300s
  • h700s
  • active_iq_unified_manager

linux

  • linux_kernel

debian

  • debian_linux
CWE
CWE-610

Externally Controlled Reference to a Resource in Another Sphere