CVE-2023-46813

{"id": "CVE-2023-46813", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2023-10-27T03:15:08.270", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1212649", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", "source": "cve@mitre.org"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1212649", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 6.5.9, explotable por usuarios locales con acceso al espacio de usuario de los registros MMIO. La verificaci\u00f3n de acceso incorrecta en el controlador #VC y la emulaci\u00f3n de instrucciones de la emulaci\u00f3n SEV-ES de accesos MMIO podr\u00edan provocar un acceso de escritura arbitrario a la memoria del kernel (y, por lo tanto, una escalada de privilegios). Esto depende de una condici\u00f3n de ejecuci\u00f3n mediante la cual el espacio de usuario puede reemplazar una instrucci\u00f3n antes de que el controlador #VC la lea."}], "lastModified": "2024-11-21T08:29:21.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3163B50F-90CD-4C59-B542-BD1C9AE7CCE8", "versionEndExcluding": "6.5.9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}