CVE-2023-0045 MEDIUM

CVE-2023-0045: Incorrect indirect branch prediction barrier in the Linux Kernel

Vendor Linux

Product Linux Kernel

Weakness CWE-610

Published April 25, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

Key dates

02Disclosure timeline

April 25, 2023 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0045 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/610.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0045

CWE CWE-610

CVSS 4.7 / MEDIUM

Affected versions