CVE-2023-1637 — MEDIUM (5.5)

Vulnerability Description

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	5.18

Related Weaknesses (CWE)

CWE-226 CWE-212

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2Mailing ListPatch
https://sourceware.org/bugzilla/show_bug.cgi?id=27398Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2Mailing ListPatch
https://sourceware.org/bugzilla/show_bug.cgi?id=27398Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=27398Issue Tracking

FAQ

What is CVE-2023-1637?

CVE-2023-1637 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CP...

How severe is CVE-2023-1637?

CVE-2023-1637 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-1637?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.